Exclusive interview: ESET on protecting the mobile workforce

01 Dec 2017

The Australian and New Zealand cyber security market can expect to see more instances of ransomware, DDoS attacks and attacks against Internet of Things (IoT) devices, says Nick FitzGerald.

FitzGerald is a senior research fellow at ESET, a global IT security company. In Australia, ESET's office is located in Sydney, whereas, in New Zealand, the company is represented by its Auckland-based distributor Chillisoft.  

Now, more than ever before, FitzGerald continues, enterprises will need to increasingly rely on the guidance of security experts - especially with workplace initiatives like BYOD (Bring Your Own Device) and flexible working conditions, such as working from home/public places, creating greater cyber risks. 

"IT security spend on endpoint security programs, 2FA and encryption will likely increase to ensure digital data remains secure."

In this exclusive interview, FitzGerald continues to discuss the state of the Australian and New Zealand cyber security market and what enterprises must do to protect their assets as workplace mobility becomes increasingly mainstream. 

How responsive are Australian and New Zealand businesses to the IT market’s evolving cyber security requirements? How does being mobile change these requirements from traditional, office-based enterprises?

ANZ businesses are at different stages of addressing the security requirements and challenges.

Some businesses adapt quickly, while others are slower to respond as resources vary between organisations and many are already overloaded with digital transformation projects.

Business scalability is often the priority, leading some businesses to address security as an afterthought, rather than considering it during the planning phase. Moving to mobile adds another layer of complexity, as employers and security experts will have to consider cybersecurity beyond the traditional office perimeter.

Now, more than ever before, enterprises need to look further ahead and plan their technology designs based on future business goals, while incorporating current business objectives, and addressing cyber threats as they evolve.

With workplace mobility on the rise, what cyber security practices should be in place to ensure enterprises and their mobile workforce are protected?

Mobile users have placed particular strain on traditional access management strategies.

Solving those issues has really driven the demand for two- (or multi-) factor authentication systems, and more sophisticated federated identity management and single sign-on authentication services.

Other issues with an increasingly mobile workforce include ensuring that sensitive data is properly handled by being encrypted in-flight and at rest, and managing which apps and services an enterprise’s mobile workforce has access to.

End-user education is possibly even more important for mobile workers, who may have quite different background experiences and attitudes to the use of their personal devices, compared to what may be acceptable with an enterprise-supplied, or corporate-connected BYOD device.

Therefore, driving awareness amongst employees around safe mobile practices is key to protecting a mobile workforce.

How do these increasingly mobile workforces impact and complicate the cyber security practices needed?

Perhaps the largest impact of our increasingly mobile workforce is the loss of the classic “security perimeter”, which was defined in terms of physical locations, firewalls, routers and other pieces of on-site network kit.

Heavily mobile workforces increasingly result in the so-called “borderless enterprise” where security depends more and more on identity and access management and less on concepts such as a network boundary.

Single-sign-on and federated identity management services are increasingly important to ensure only the right people have access to certain data and applications.

This, in turn, drives greater interest in “soft token” apps which generate a single login PIN as a means to replace the management problems and costs associated with hardware tokens, as more and more employees are now requiring the kinds of authentication and verification services that tokens provide.

With the rise of an application-powered economy, what new risks does this pose to mobile devices?

Software supply chain attacks are becoming more common and can even affect apps provided by legitimate developers.

This is particularly true for software developers that are not especially careful about third-party code and the security of the computers and devices they use for their own app development work.

These vulnerabilities can then be used to attack or compromise any end-user device running the affected apps.

User education also remains critical. A report by Arxan found that many users were downloading apps from unofficial stores, making them vulnerable to attacks and therefore compromising any access to company data on the infected device.

App-based environments provide an easy target to side-step traditional network security, meaning the perimeter of protection has expanded.

IT security spend should increase accordingly on endpoint security and device management programs to cater for the rise of the application economy and the increased risks a mobile workforce brings.
