“I think the time has come to skew expenditures more toward the future as opposed to what we’re seeing right now. There are still more non-mobile threats that are publicly reported than mobile threats, but that’s a temporary condition. People need to think about mobile and cloud and what’s coming and start the transition now. Otherwise they will not be in a better position when we get there; they’ll be in a far worse position,”
–Phil Reitinger, president of Global Cyber Alliance and former CISO
Enterprises are actively transitioning from desktop and server environments to mobile and cloud ones. This should come as no shock to anyone in an enterprise IT or security function. Mobile devices are in every employees’ hand. Corporate architectures are app-centric, with employees downloading mobile apps without IT vetting.
Cybercrime goes where the value is and the value is increasingly going to be in the data that sits in cloud services and the mobile devices that access them.
Paying attention now can help you be in a much better security position later.
“You know, when a CSO thinks through priorities — it’s a tough job. [They need to] to balance the kinds of things that require a lot of intense concentration, real deep problems in infrastructure … with the day-to-day things that could be just as important.”
Ed Amoroso would know. Ed served for 12 years as CSO at AT&T and is now the CEO of TAG Cyber. He started his career at Bell Labs in Unix security R&D over 30 years ago.
The graphic above appears in Gartner’s report, Market Guide for Mobile Threat Defense (MTD) Solutions*. I believe a comprehensive mobile security solution must cover all four of these quadrants and enterprises should look for single solutions that cover all aspects addressed by MTD + MARS.
In my conversations with CISOs, I repeatedly hear that one of the biggest issues they have is too many security products. They usually express different versions of, “I’ve got 50 different vendors and 50 different security products, and I simply can’t afford the personnel that I need to manage 50 different products.” I’m happy to share that at Lookout, our Mobile Endpoint Security solution is already a united single offering with capabilities that are usually considered separate parts of Mobile Threat Defense (MTD) and Mobile App Reputation Solutions (MARS) products.
ViperRAT is an active, advanced persistent threat (APT) that sophisticated threat actors are actively using to target and spy on the Israeli Defense Force.
The threat actors behind the ViperRAT surveillanceware collect a significant amount of sensitive information off of the device, and seem most interested in exfiltrating images and audio content. The attackers are also hijacking the device camera to take pictures.
Using data collected from the Lookout global sensor network, the Lookout research team was able to gain unique visibility into the ViperRAT malware, including 11 new, unreported applications. We also discovered and analyzed live, misconfigured malicious command and control servers (C2), from which we were able to identify how the attacker gets new, infected apps to secretly install and the types of activities they are monitoring. In addition, we uncovered the IMEIs of the targeted individuals (IMEIs will not be shared publicly for the privacy and safety of the victims) as well as the types of exfiltrated content.
In aggregate, the type of information stolen could let an attacker know where a person is, with whom they are associated (including contacts’ profile photos), the messages they are sending, the websites they visit and search history, screenshots that reveal data from other apps on the device, the conversations they have in the presence of the device, and a myriad of images including anything at which device’s camera is pointed.
Cyber war is a term the U.S. government is intimately familiar with, but woefully unprepared for when it comes to mobile.
Government employee mobile devices are a relatively new attack surface, and a particularly valuable one for espionage missions and other criminal intent. Mobile devices access confidential, classified, and other protected data classes. At this point, that’s just a fact. Both CSIS and the Presidential Cyber Commision acknowledge that mobile is no longer a fringe technology, but a central instrument that allows employees to get their jobs done.
Protecting data on mobile is non-negotiable and the responsibility of federal technology and security leaders across the entire government.
There are five principles any federal agency or organization must use to build a mobile security strategy. To forego such a strategy directly puts sensitive government data at risk.
Enterprise employees are using their mobile devices to do their jobs today, but the day when these devices usurp PCs as the preferred device for work is coming faster than you think, if the significant delta between PC and mobile devices sales is any indication.
Mobile devices are the way people work now. Today, enterprises are used to handing out PCs upon a person’s first day at the office. As an employee gets set up, though, businesses will quickly find that work is leaving those protected environments and happening, instead, on mobile devices.
Smartphones today have more computing power than a Cray III supercomputer. However, many security professionals put about as much thought into securing their mobile ecosystems as they did into securing Motorola RAZRv3 flip phones back in the day.
Vanity Fair interviewed my team to understand the story behind the discovery of Trident, the three zero-day vulnerabilities used to remotely jailbreak iOS devices, and Pegasus, the spyware that used these vulnerabilities to exploit targeted individuals.
Today, I am proud to announce that Lookout is now “FedRAMP Ready,” an indicator to federal agencies that Lookout Mobile Endpoint Security is vetted, secure, and can be quickly implemented into any U.S. government organization.
Lookout is the first mobile security solution to achieve this status.
The Presidential Commission on Enhancing National Cybersecurity released its report on securing and growing the digital economy in which one message is clear: de-prioritizing mobile security is no longer an option.
New priorities for a new mobile workplace
“The days of employees working only at an office using an organization-issued desktop computer fully managed by the organization are largely over. Market forces and employee demands have made “bring your own device” the de facto option in many workplaces. … Organizations no longer have the control over people, locations, networks, and devices on which they once relied to secure their data. Mobile technologies are heavily used by almost every organization’s employees, yet security for mobile devices is often not considered as high a priority as security for other computing platforms. In short, the classic concept of the security perimeter is largely obsolete.” – Excerpt from the Commission on Enhancing National Cybersecurity report
Employees in the public sector are using mobile devices every day to get their jobs done, whether government agencies know about it or not. Today, having a secured mobile workforce — which includes protection against risky applications, network attacks, and malicious intrusions — is a necessary element of an agency’s overall security architecture.