Protecting your human assets protects everything else: Lookout’s Mobile Endpoint Security
There have been two significant changes in the last two or three years that have affected cybersecurity. The first of these is the ubiquity of mobile devices in the pocket of every employee. The second is the focus hackers now bring to bear on people, rather than the network perimeter, or the static resources inside it.
In combination, those changes are causing significant problems for employers, who are attempting to balance encouraging mobile and remote working, and keeping the enterprise’s sensitive information safe. On the one hand, there are benefits from workers at all levels being capable of working on the move, from anywhere, during a long commute, or from a hotel lobby on a personal or company-issued device.
Conversely, the power and permanent connectivity of mobile devices mean they can, if compromised, be used to wreak significant havoc in data security terms. The risk is significantly increased when the device is personally-owned, on a BYOD basis.
Many of the same risks to mobile devices are present on traditional endpoints, like the desktop PC, but the means of control and protection of those devices are arguably easier and are more familiar territory for cybersecurity teams (company laptops prevented from accessing Facebook Messenger, WhatsApp and Discord, for example). But personalized phishing attacks are highly effective, and responding to messages, links, websites, and apps is built into users’ muscle memory on mobile.
For cybersecurity teams, the reality is a “post perimeter” world. Sure, the perimeter still needs protection and always will. But because of mobile devices and the cloud-based nature of many enterprise resources, applications and services mean the very definition of “the perimeter” has changed, too.
The simplicity and effectiveness of a phishing message, seemingly addressed to and often personalized for individuals, means it is the most “popular” form of attack at present. In the hacker’s eyes, messages are cheap to send, have a high rate of “positive” results, and their mechanisms and techniques are relatively simple to learn. Indeed, compared with finding a way around a modern firewall into a data center that’s fully patched and monitored, sending out a bulk message is Hacking 101.
The victims can be generally relied upon in significant-enough numbers to click a rogue link, visit a site, or download an “important document” for the minimal hacking effort to pay dividends. The returns for the hacker are multiplied by another aspect of human frailty — the habit of using the same passwords and credentials for multiple sites and services.
Again, those metrics multiply in the case of BYOD devices, when many users re-use their sole password for all personal and work activities. For the hacker, that’s all great news, but for the organization that’s breached, it’s dynamite capable of demolishing the entire infrastructure.
Solutions 101 against hacking 101
There are several solutions on the market that hope to address the mobile endpoint security situation. However, the majority use the type of technology that’s transposed from “traditional” endpoint protection systems. As a result, they may not be as effective as dedicated software and hardware that were designed, from the ground up, to be mobile-first solutions.
Respecting users’ (and the employer’s) privacy is now an important matter of governance. If any BYOD device is used to access and/or store commercial data, then GDPR (or its local equivalent; the California Consumer Privacy Act, for example) could apply, making mobile security a significant issue. That’s a security element which older solutions have had to factor in.
Here at TechHQ, we’d like to highlight a specifically-mobile solution that’s both effective and aids compliance. The Lookout Mobile Endpoint Security platform is an effective mobile agent that cross-checks outgoing traffic from an individual’s device against known rogue destinations. Therefore, every scrap of data interchange, personal or business-related, can be assured not to be terminating in a place designed to compromise the user — and by proxy, the device.
User‘s protection = organization’s protection
Ensuring that every employee at every level* is safe, as they use any device that’s connected to the internet, is no easy task. In most cases, the most effective approach is multi-pronged, comprising of a mixture of, for instance, multi-factor authentication, single sign-on, network monitors, log file analysis, software agents on endpoints and cloud services, to choose just a few. However, given the ubiquity of smart devices carried by the vast majority, it’s surely time for cybersecurity teams to give this area of their remit the attention it deserves?
*the higher ranking the person, the more of a liability they represent, in cybersecurity terms.
Before Lookout’s Mobile Endpoint Security solution came to market, companies were sometimes minded to think they faced a stark choice: either issue an outright ban on all non-mandated devices connecting to any resource owned by the company (including the network) or accept the reality that devices and services will be compromised as a result of user behavior.
Unfortunately, that approach fails on two grounds. Firstly, it’s not the type of IT policy that’s business-centric and is redolent of the restricted desktop model of 1990s computing that gave IT departments a reputation for obstinacy — and a handy excuse for circumvention of any security measure. Secondly, company-mandated mobile devices are operated by human beings, and they are (without exception) as we’ve discussed, the cause of the majority of openings into the enterprise’s facilities, irrespective of the equipment they use.
With that reality in mind, in a future article we’ll be looking at the Lookout platform in greater detail, perhaps touching on how industrial giant Schneider Electric now protects 50,000 of its mobile devices using the Lookout solution (with protection extended to 25,000 BYOD devices coming soon). But until that article goes to virtual press, you can read more about this, our recommended platform here.
See you next time!