BYOD may have a sinister connotation for some enterprise IT professionals. It may mean "Bring Your Own Deadly..." (fill in the blank with "virus," "malware," or "advanced persistent threat").
In its latest "X-Force 2012 Mid-Year Trend and Risk Report," made public today, IBM says analysis of over 15 billion security events daily from devices in more than 130 countries is showing that mobile devices are increasingly under threat in companies worldwide; that Apple's iOS is more vulnerable than ever to advanced persistent threats (APTs); and that social networking offers unique opportunities for criminal attacks on user networks.
IBM found that, overall, during the first half of 2012 mobile vulnerabilities were down to the lowest levels since 2008. That said, users are most likely to be attacked on the data side of the mobile equation. For instance, criminals are disguising their malware in legitimate-looking mobile apps, some of which are even sold in regular app stores.
Another area of vulnerability for enterprise users is social networking passwords, which have become increasingly important to marketers in the age of social business.
"During the first half of 2012, we've seen an increase in the amount of sophisticated and targeted attacks from malware and social networking Website passwords," said Clinton McFadden, senior operations manager for IBM X-Force research and development, in a prepared statement. "In response, organizations must take proactive approaches to better protect their enterprises and data, because as long as these cyber attacks remain lucrative, the attacks will keep coming."
IBM says enterprises can fight back with solid BYOD policies defining clearly how users should access the network and authenticate themselves on it. Passwords are particularly important: IBM recommends lengthy, multi-word passwords that are encrypted and subjected to a hash function on the server. IBM says it's also important to make sure enterprise data is protected from corruption via "sandboxing," a technique that cordons off applications and data, such as PDF documents, to avoid infection.
A trend noted by IBM is that threats to enterprise security are getting more complex, presenting added danger given that many organizations are pulling back on IT spending. "Enterprises are faced with a lack of in-house security skills and limited budgets to maintain their security environments," says Kris Lovejoy, general manager of IBM Security Services.
In summary, a theme of this latest X-Force report is that enterprises remain vulnerable to attack, though the nature of attacks changes over time. As users turn more to smartphones and mobile work, it's important for IT to follow through with associated protections. Online criminals aren't disappearing; wherever there are users and Web applications, they'll be looking for the gap that lets them in -- and even a sliver of leeway can provide a foot in the door.
A final note: IBM has opened a new security operations center in Wroclaw, Poland -- Big Blue's tenth such facility -- to enhance its security research and offer network and systems protection to customers.
@Mary - I don't think it really matters. You need to find a solution that works for all these systems, mainly iOS and Android, for the mobile BYOD sector. It's not the hardware that we're concerned with here, but the software running on top of it.
If you can't satisfy the demands of the OS you're bringing in for our BYOD environment then you can't use your personal device. The software I use to manage personal mobile devices is "Good for Mobile" and it covers everything except Blackberry.
And honestly, I don't know anyone that uses a Blackberry for personal use :)
But scucci, do you think that allowing only certain brands of company-approved devices onto a corporate wireless network is a more secure policy than BYOD to the same corporate net?
I'm a security engineer and BYOD will happen one way or another. We can't say no to these issues, but we can't allow just anything to enter into our network.
Strong architecture, technology, policy and training are the ways to handle such a phenomenon as BYOD.
Not having wireless networks doesn't make you any more secure.
Long, complex passwords are great but what the Internet really needs is a replacement for passwords as an authentication mechanism. They're inconvenient, users have to track hundreds of them, and they still don't secure systems.
I doubt it. We just merged with a larger company and they are adopting our wireless policy. Their PCI compliance people and data privacy lawyers loved it.
If we must add wireless Internet we are planning to build a dedicated data closet for it with a dedicated internet circuit coming into it. It will come nowhere near our LAN to prevent an accidental connection of the two networks.
I live by 1 simple thing on wireless. There is no amount of encryption that can protect wireless. Once you broadcast something it should be considered insecure.
This is why I have banned BYOD from our corporate network.
We have no wireless gateways and any laptop or other device plugged into our LANs is treated as a hostile device by the network.
Simple steps must be taken when installing a new device, but the comfort level is high when you see it work while installing a new laptop, PC or networked printer.