Cyber Defense eMagazine - March Edition 2019

More documents

Info

illion risks and threats among its customers, or about 50 per device. The sophisticated tactics that hackers use to conduct cyberattacks are bypassing office walls to where employees – and thus, their employers – are most vulnerable: mobile. Take phishing, for example. According to Verizon, over 90 percent of breaches started with a phishing attack and Adestra notes that over 60 percent of emails were opened on mobile devices. The problem is that mobile devices such as smartphones are fundamentally different from other enterprise devices such as desktops and laptops in this vital respect: IT does not administer the advice – the user does. Although modern collaboration techniques often require employees to create and share unstructured company data from their mobile devices, IT does not have the proper amount of visibility into these devices to know what threats the company data may be facing. This explains why, in a recent survey, Zimperium found that 42 percent of organizations were unsure if mobile devices had been involved in past security breaches involving their organization. Best Practices in BYOD and Mobile Security There’s no denying that personal devices in the workplace aren’t going anywhere, given the unparalleled value that they bring to organizations. In fact, Forbes recently reported that enabling the mobile workforce drives 30 percent better processes and 23 percent higher productivity. However, balancing the use of mobile with recognition of and preparation for the growing number of cyber-risks these devices face needs to become a top priority for IT teams in <strong>2019</strong>. Data mandates such as Europe’s General Data Protection Regulation (GDPR) have shown that governments and consumers are getting serious about the security of their information. It’s essential to keep sensitive company information secured on mobile devices in order to maintain trust from customers and, in turn, maintain a competitive edge. The bottom line is that organizations need to embrace a healthy mobile security policy that protects the organization and its sensitive IP while promoting productivity on mobile devices both inside and outside of the corporate network. For enterprises who are struggling to adopt mobile security best practices, here are a few key things to consider when balancing BYOD and security: • If mobile devices are being used to access corporate data, including from sources such as email and mobile applications, the company has a responsibility to ensure the data is protected. This applies to corporate devices as well as BYOD devices. Perhaps the most basic and all-encompassing reason for this is that without ensuring data is protected, companies will be out of compliance with one – or multiple – regulations. The modern-day business environment means that every company is now a technology company. The average company in operation today typically processes and stores a large volume of highly sensitive employee, customer and client data that they have an obligation to protect. Regulations such as Europe’s General Data Protection Regulation (GDPR) show us that today’s consumers and employees are taking the mismanagement of their data more seriously than ever before – and so are their governments. In addition to avoiding millions of dollars in potential fraud and fines, the
proper handling of sensitive data is key to keeping consumer trust and, in turn, staying competitive. • It's important for all companies to recognize that today’s devices contain highly personal information that is private and confidential to the owner of the BYOD device – and every precaution should be taken to not impact that privacy. In a recent Zimperium research report, 14 percent of companies stated that employee privacy concerns were an inhibitor to adopting BYOD. It’s important to keep the security of your company data in mind when adopting a BYOD policy, but it’s equally imperative to protect your employees’ privacy. BYOD can spike a huge increase in employee productivity, but they’ll only capitalize on the opportunities that BYOD brings if they trust that their personal data is being kept private. In the same research report, 53 percent of respondents said BYOD adoption would increase if IT couldn’t view or alter personal data and apps. • To have the greatest chance of adoption and success, any BYOD security policy must be as easy and as unobtrusive as possible. Everyone in the security industry already knows that IT resources are more strapped than they’ve ever been before. To keep both your employees and your IT team happy, the best BYOD policy is a simple BYOD policy. Making an effort to ensure your policy is well-communicated and understood throughout your organization will help boost adoption rates. Find ways to show employees how they can integrate their personal devices into their professional tasks while following your BYOD policy and staying secure. Additionally, making security personal by emphasizing the ways in which following your BYOD policy benefits employees personally as well as the company can help boost adoption. Technology’s rapid evolution has revolutionized the ways in which we communicate both personally and professionally. In addition to corporate-owned devices, today’s employees also expect the ability to bring, connect and fully utilize their own personal devices at work. The productivity benefits that BYOD policies bring to the enterprise are well-documented, but in today’s era of elevated cyber-risk, sophisticated hackers and high-stakes regulations, it’s imperative to balance BYOD with mobile security. By following these best practices, organizations can start on the right path toward creating a satisfied and secure workforce. About the Author JT Keating is the vice president of product strategy at Zimperium. He has brought software and mobile communications solutions to market for 25 years. Being passionate about security, he helped define and create multiple innovative approaches including application whitelisting at CoreTrace (acquired by Lumension), integrity verification at SignaCert and the first behavioral malware/phishing solutions at WholeSecurity (Symantec). JT can be reached online at https://www.linkedin.com/in/jtkeating/ and at www.zimperium.com.
Page 1 and 2: Data Breaches: Beyond Exposing Iden
Page 3 and 4: CONTENTS (cont') Prioritizing Secur
Page 5: @CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 22 and 23: Data Breaches: Beyond Exposing Iden
Page 24 and 25: About the Author Kem Gay is an Inte
Page 26 and 27: Rip Off the Band-Aid This leaves us
Page 28 and 29: Why Biometric Data Use Poses Unique
Page 30 and 31: • DNA Kits: If you purchased or u
Page 32 and 33: How to be Workforce Ready and Stand
Page 34 and 35: Maximiliano Gigli, a third-year cyb
Page 36 and 37: Interestingly, the two groups diffe
Page 38 and 39: Cross-site Scripting Is an Underrat
Page 40 and 41: Stealing HTML5 web storage data: HT
Page 42 and 43: Cybersecurity in New York City, the
Page 44 and 45: A boom in cybersecurity startups se
Page 48 and 49: Some Important Developments in the
Page 50 and 51: About the Author Sharmistha Sarkar
Page 52 and 53: employees to contractors and sub-co
Page 54 and 55: The Internet of Things Engineering
Page 56 and 57: About The Author Milica D. Djekic i
Page 58 and 59: kind. Many of them require some kin
Page 60 and 61: 2019 Risks in Focus: Cyber Incident
Page 62 and 63: However, the past year has also wit
Page 64 and 65: Why Insider Threats Are One of the
Page 66 and 67: Unlike with outside security threat
Page 68 and 69: Organizations will also frequently
Page 70 and 71: The US Must Catch Up to Other Promi
Page 72 and 73: The fact is, the wider internationa
Page 74 and 75: Integrate Compliance and Regulation
Page 76 and 77: Security have and have-nots How org
Page 78 and 79: 1. People Having the right people c
Page 80 and 81: sources (such as syslog’s, Net Fl
Page 82 and 83: Limitations of Current Endpoint Sec
Page 84 and 85: For effective detection, most EDR s
Page 86 and 87: Why Wi-Fi Hacking Will Persist Desp
Page 88 and 89: About the Author Ryan Orsi is Direc
Page 90 and 91: questions such as, “Who added a w
Page 92 and 93: About the Author Josh Paape is an O
Page 94 and 95: for well-known, repeatable needs fi
Page 96 and 97:
Overcoming Software Security Issues
Page 98 and 99:
Implementing Security Checks at Str
Page 100 and 101:
Phishing in the Dark: Employee Secu
Page 102 and 103:
phishing threats. Furthermore, almo
Page 104 and 105:
Unfortunately, once an application
Page 106 and 107:
Software Should Come with a “Nutr
Page 108 and 109:
vulnerabilities. If they find vulne
Page 110 and 111:
I can't get no satisfaction, I can'
Page 112 and 113:
How Organizations Should Choose a L
Page 114 and 115:
load balancers capable of integrati
Page 116 and 117:
SaaS DNS Security: Are you Protecte
Page 118 and 119:
associated with any security event
Page 120 and 121:
120
Page 122 and 123:
122
Page 124 and 125:
124
Page 126 and 127:
126
Page 128 and 129:
128
Page 130 and 131:
130
Page 132 and 133:
132
Page 134 and 135:
134
Page 136 and 137:
136
Page 138 and 139:
138
Page 140 and 141:
140
Page 142 and 143:
142
Page 144 and 145:
144
Page 146 and 147:
146
Page 148 and 149:
148
Page 150 and 151:
We’ve launched http://www.CyberDe
Page 152 and 153:
Marketing and Partnership Opportuni
Page 154 and 155:
Regent University’s Institute for
Page 156 and 157:
156
show all

Cyber Defense eMagazine - March Edition 2019

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?