The way we work is constantly changing and we often talk about enabling the future of work with a cutting-edge approach, and while this is correct, does that mean we are guilty of missing out on the here and now? Modern work takes place outside the traditional network perimeter in a mobile cloud environment, and the modern workplace itself consists of a number of different connected devices. Cybercriminals work around the clock to try to exploit any vulnerabilities they can find, and new connected devices in the Internet of Things (IoT) are a major target.
About the author Simon Biddiscombe is the CEO of MobileIron. So, to better protect ourselves from the modern threat vectors we face today, we must first try to understand how hackers exploit contemporary devices to access our corporate data.
Smart phones
Smartphones and other mobile devices are by far the biggest threat to business. The Verizon Mobile Security Index found that 40% of organizations surveyed had experienced some form of mobile threat. To add to these issues, the survey also found that 66% of those who committed a pledge said the impact was significant, while 37% said both had been difficult. and expensive to fix. While this shouldn't come as a surprise to most IT organizations, it's important to note that mobile threats are constantly evolving and need to be controlled. For example, a recent mobile threat has arisen when cybercriminals try to "port" your phone to another operator. This exploit allows the hacker to access your identity, your messages and your call information. Although this threat has been around for a while, lately it has become more apparent in various emails.
Smart Watches
The smartwatch industry has grown in recent years; In the last quarter of 2019, global shipments of connected watches increased by 42% compared to the previous year. However, as with all connected devices, they pose a significant threat to the business. For example, hackers could install a spy app on your smartwatch via phishing or public Wi-Fi exploits and then track your movements via the device's accelerometer data. If you regularly use your smartwatch to connect to your organization's network and access your company emails, you can give hackers access to your organization's network, putting your entire company at risk.
Smart speakers
While they provide a convenient way to get a direct answer to a question, smart speakers can compromise the security of your office. Vulnerabilities have been found in smart speakers that can allow hackers to listen in and record conversations or even phishing unsuspecting users. Users can inadvertently download malware disguised as a new skill or action; an exploit can record their conversations or even ask them for their password for their online accounts. Manufacturers seek to fix these vulnerabilities, so keeping up with the latest updates is essential.
AR / VR headsets
Although augmented and virtual reality may seem like purely recreational devices at the moment, there are already commercial use cases for them. For example, some designers and engineers from automotive companies use VR headsets to collaborate and test elements of new cars. Other possible applications for using VR and AR devices in the workplace include remote employee training, virtual offices, communication, and collaboration. However, while AR and VR headsets present significant business opportunities, they are often not the best in terms of security and can be used as access points to corporate data. Therefore, organizations looking to use such devices should look at ways to protect them, such as registering them with a Unified Terminal Management (UEM) platform.
Lost devices
In addition to the above, the loss of any device can present hackers and bad actors with a large amount of easily accessible data. Business laptops and smartphones remain at the top of the flight list, while the device is likely to contain the most critical business data. Stolen mobile devices can serve as a gateway against identity theft, while a lost laptop simply protected by a password is a business accident waiting. With so many devices used across the enterprise, it is important for organizations to create a secure environment for everyone to operate indoors, minimizing the risk of adding entry points to the network perimeter. A zero-trust, mobile-centric MDM solution can go a long way toward achieving this. This framework applies a "never trust, always verify" approach. This approach aims to validate the device, establish user context, verify the network, and detect and remediate threats before granting access to corporate data. At the same time, enterprises should seek to partner with mobile security leaders who have the experience, deep knowledge, and strategic vision to lead the way in the minefield of new device threats. connected