Analysts at Gartner predict that by 2017, as many as 75% of endpoint-related security breaches will be the result of improper application configuration on mobile devices, as attackers continue to shift their focus towards targeting smartphones and tablets.
“Mobile security breaches are — and will continue to be — the result of misconfiguration and misuse on an app level, rather than the outcome of deeply technical attacks on mobile devices,” said Gartner’s Dionisio Zumerle.
“A classic example of misconfiguration is the misuse of personal cloud services through apps residing on smartphones and tablets. When used to convey enterprise data, these apps lead to data leaks that the organization remains unaware of for the majority of devices.”
The number of mobile devices continues to increase rapidly as traditional PC sales decline, with an estimated 2.2 billion smartphones and tablets being sold to end users in 2014 alone. Users who choose to tamper with devices by overriding application-specific protections or the operating system’s sandbox add to the problem.
“The most obvious platform compromises of this nature are ‘jailbreaking’ on iOS or ‘rooting’ on Android devices. They escalate the user’s privileges on the device, effectively turning a user into an administrator,” said Zumerle.
Gartner further recommends that IT departments adhere to an MDM/enterprise mobility management policy for Android and Apple devices that includes:
- Asking users to opt in to basic enterprise policies or else face limited access, and being prepared to revoke access controls in the event of changes
- Requiring that device passcodes meet length and complexity requirements as well as retry and timeout standards
- Specifying the minimum and maximum versions for platforms and operating systems
- Enforcing a “no jailbreaking/no rooting” rule and restricting the use of unapproved third-party app stores
- Requiring signed apps and certificates for access to any business email, VPNs, Wi-Fi and shielded apps
“We also recommend that they favor mobile app reputation services and establish external malware control on content before it is delivered to the mobile device,” said Zumerle.