Industry executives and experts share their predictions for 2020. Read them in this 12th annual VMblog.com series exclusive.
By Dan Cuddeford, Senior Director of Systems Engineering, Wandera
It's Time to Hedge Your Bets When it Comes to Device Management
As we head into the
new year, security professionals everywhere are piecing together clues from
2019 that might offer some insight into what 2020 will bring by way of threats
and cyberattacks. The realm of mobile security in particular is on track to see
an evolution of threats, as phishing attacks become more sophisticated,
corporate devices become increasingly difficult to manage, and more resources
are poured into risk assessment to redefine endpoint protection. Wandera's 2019 Mobile Threat
Landscape report revealed that a new phishing domain is launched
every 20 seconds. With these attacks evolving every day, companies will need to
look ahead to determine a plan of attack (and more importantly, defense) when
it comes to mobile security. Here's what mobile security professionals can
expect in 2020:
As threats skyrocket, machine learning will be the best
bet when it comes to protection and detection.
Just as Apple and
Google have made efforts to harden their devices and platforms, threat actors
have kept pace with more sophisticated attacks, particularly as it pertains to
spear phishing and brand-specific attacks. With 81 percent of mobile phishing
attacks already taking place outside of corporate email, it's clear bad actors
are now studying their victims' behaviors to better exploit their weaknesses.
With this move, attackers are favoring attacks via messaging apps and social
media, where users are vulnerable to fake profiles and convincing
notifications. This means that with the number of threats exploding,
signature-based detection techniques aren't going to be enough. Security
professionals will need to turn to machine learning to defend against these
more sophisticated threats. Recent discoveries of malware and adware slipping
through the cracks on both Google Play and Apple's App Store prove that even the giants
aren't immune. Companies across the board should take caution and employ
machine learning to stay ahead of adversaries.
Organizations will decrease device management and
prioritize application management.
Increased privacy concerns, end-user pushback,
a revolving door of contractors, and bring-your-own-device (BYOD) scenarios
will lead some organizations to push off the adoption of proper security
management tools. One solution for the deluge of devices is the implementation
of application protection policies that focus on sensitive information within
certain apps, rather than trying to secure the devices themselves. This
includes Microsoft's Mobile Application Management (MAM) app protection
policies, which allow organizations to manage and protect data within certain
applications, with some versions going even further to allow management over
apps on almost any device, including personal ones. Adoption of policies like this
demonstrates how organizations are trying to meet varying end-user requirements
by revising the endpoint-focused mobile security strategy they may have had in
the past. When it comes to the debate on privacy and security, many people
still believe you need to choose one or the other, but the reality is you can
have both; you just have to find the right approach. In the new year,
organizations will have to grapple with privacy concerns and straddle the line
with device management policies that protect end-user privacy and
freedom while still safeguarding sensitive organizational data.
There will be an increased focus on mobile risk
assessments.
More and more,
organizations are looking for one solution from a single vendor that checks the
box for mobile security. This approach has resulted in a greater focus on
mobile risk assessments, as organizations are realizing they can't defend
against everything, so they need to determine where they're most at risk to better
focus their efforts. This has spurred a movement from an endpoint-centric
approach to one that centers on applications and data. Heading into the new
year, organizations will increasingly put all of their eggs in the risk
assessment basket, choosing to narrow in on sensitive data in protected apps
versus tackling the entire device and relying on context to determine access to
sensitive apps. Soon, authentication and access will rely not only on
biometrics, but also on location, the network you're connected to, or the country you're
working from. In 2020, context will reign supreme when it comes to authentication.
There will be an increased use of custom apps on mobile
devices.
This emphasis on
app security is not unfounded, as 2020 will likely be the year that
organizations extend their IT support beyond simple contacts and calendar apps
and allow users to access sensitive data from their devices. More organizations
will dedicate resources to app development and customization, allowing a secure
outlet for sensitive data that won't require device management on the part of
organizations. That said, enterprises cannot assume custom apps are built
securely, so this will open up new avenues for attack, as quickly developed,
customized applications are often the worst offenders when it comes to
security.
The 2019 Verizon Mobile Security Index reported
that 33 percent of organizations admitted to having suffered a compromise
involving a mobile device. This number is only likely to increase as users are
granted access to increasingly sensitive data from their personal devices.
Heading into 2020, security professionals will need to redefine organizational
priorities when it comes to mobile, and learn to evolve with the changing
landscape to keep their information secure across platforms, regardless of the device.
About the Author
Dan Cuddeford, Senior Director of Systems Engineering, Wandera

Dan is Senior Director of Systems Engineering at Wandera, the leading global
provider of mobile security. An experienced engineer in network and cloud
security, Dan has worked with start-ups through to global enterprises including
AWS and Cisco. Wandera is a leading mobile security
company, providing multi-level protection against cyber threats for users,
endpoints, and corporate applications.