Contributed article by Satyam Tyagi, mobile security product manager, Zscaler

Mobile Devices Present the Weakest Link in 2014

As 2013 comes to a close, we have witnessed a number of significant cyber security stories, issues and trends pushed to the forefront of mainstream media, including attacks on the very mainstream media itself. Reports of well-organized Advanced Persistent Threats (APTs) abound from abroad, underscored by dozens of botnets constantly mutating into new permutations to evade detection. It has become evident that signature-based anti-virus is not enough to provide proactive protection against these advanced threats.

Fundamentally, the way we conduct business continues to radically change; between work PCs, personal PCs, smartphones and tablets, each employee is accessing corporate assets from as many as four distinct devices. Coupled with the rise of cloud applications, enterprise information systems have become increasingly complex and heterogeneous, making it very difficult to maintain visibility and control of corporate assets.

In 2014, Zscaler sees these two major trends - the evolution of advanced threats and the complexity of cloud and mobile environments - increasingly intersect.

A few short years ago, corporate users had a corporate PC and perhaps a personal laptop at home. Today, these same users also have a smart phone and a tablet - all of which connect to corporate assets - yet 3G wireless and public WiFi connections make it difficult to gain visibility and control into this traffic.

Mobile malware is still nascent, focused largely on phishing, adware and fake/cloned apps; however, the impact of mobile malware is potentially huge because mobile devices are the new weak point. As enterprises move corporate data to the cloud and its users connect through mobile devices, there is no traditional security appliance between the data and the device. Recall that the incursion point for the TJX data breach, in which 170 million credit card numbers were stolen, was through its wireless network, where no traditional security appliances existed at the time.

While both Apple and Android devices sandbox apps, they can still grant apps enough permissions for risky behavior to occur. As a result, Zscaler expects to see a continued increase in mobile attacks via email, Web and malicious third-party apps that are a hybrid of phishing and adware. It is not a question of "if" these attacks could be leveraged by APTs as an incursion point into the enterprise, but rather a question of "when?"

##

About the Author

Satyam Tyagi is Principal Product Manager at Zscaler where he leads the Mobile security Product Management. Prior to Zscaler Satyam was Director, Strategy & Product Management at Samsung Mobile Enterprise lab. He joined Samsung mobile enterprise lab at its inception and leads product management and strategy for Samsung Knox product. And before that, Satyam has held product management and engineering roles at Juniper Networks, Sipera Systems and Cisco Systems. He has been responsible for real-time monitoring, security and communication product lines for smartphones, routers and network appliances. Satyam holds a Master in Computer Science from University of North Texas and Bachelors in Computer Science and Engineering from IIT BHU.