Network Threats Are Hitching a Ride in Mobile Environments
Innovation never stops in the mobile world, and that rule applies to security threats as well. Network attacks are becoming more sophisticated and even high-tech businesses with the most advanced security may find themselves in the crosshairs as we shift to more devices and anywhere access.
Just a few weeks ago, multiple leading social networking and large enterprises were hit with an attack when their employees visited a known and trusted website focused on mobile application development. Attackers used a method commonly referred to as “water-holing,” where they compromise a legitimate site commonly visited by employees of their target organizations. Using zero-day vulnerabilities and malicious code that change at a rapid rate, these attacks highlight the need to consistently enhance traditional defenses based on signatures or reputation with global and local context analysis.
This episode underscores how important security is in a more mobile, more connected world—attackers are paying attention, using these industry trends to create targeted and sophisticated attacks that can bypass traditional defenses. The Cisco 2013 Annual Security Report found that Android Malware grew 2,577 percent in 2012 alone. The Internet of Everything is taking shape and the number of online connections is soaring. According to Gartner’s Top 10 Strategic Technology Trends for 2013, 30 billion things will be connected by 2020.
And the things connecting will be more than PCs, tablets, and smart phones. Devices like intelligent sensors, healthcare equipment, and even utility systems will be getting online. According to the Cisco Visual Networking Index (VNI), machine-to-machine (M2M) connections will grow from 5 percent of all mobile connections to 17 percent in 2017. At a recent event in Melbourne, Carlos Dominguez, Senior Vice President at Cisco, joked, “You know the Internet has arrived when a light bulb is connected to the Internet.”
Even in the workplace, where networking is usually more controlled, people are connecting in new ways. More than half of employees are bringing their own devices to work, as companies embrace BYOD programs. Employees on the go routinely catch up on work at home or in a coffee shop, connecting to apps and services over the cloud.
“More and more, it’s about any device in any location coming over any instantiation of the network,” says Chris Young, Sr. Vice President of Cisco’s Security and Government Group. “Smartphones, tablets, and more are trying to connect to applications that could be running anywhere.”
In this new, mobilized world of “any-to-any” connections, you can’t secure every device—you need a new approach to security.
The 2013 Cisco Annual Security Report offers some good tips, including a holistic approach to security that focuses on the network—not just individual devices.
With the right approach to security, you can give your employees the freedom to work the way they want, without putting themselves, or your company, at risk. Certainly here at Cisco we take this seriously. When we set up our BYOD program for employees, the company developed a unified policy across all of its wired, wireless, and remote access environments. This approach makes it easy for people to securely connect with their own devices. And, it provides posture checks to make sure people can’t connect to the company network with risky devices like jail broken smart phones that could carry security threats.
How are trends like BYOD and mobility changing the way your company thinks about security? We’d like to hear from you.