The missing mobile puzzle piece

November 2017 Information Security, Infrastructure

With mobile malware and ransomware proliferating at a rapid rate, companies are recognising the need for security technologies to protect network resources accessed by employees with their devices. But, they’re missing an important piece of the puzzle.

“A mobile management solution holds little ground without a policy in place,” says Michael Morton, a mobile security specialist at Securicom. “Companies are neglecting to define what resources can be accessed and have not identified what devices are already accessing the network. End user training and education are also pushed aside as there’s an assumption that a mobility management solution will take care of the risk. However, it doesn’t work that way.

“Companies should know what devices are accessing their networks. Restrictions should be placed on what information can be accessed, and employees need to understand what they are and why they are there.”

He continues: “A mobile device policy should be developed to define what mobile devices are permitted to access on the network. This sounds elementary, but the number of clients that don’t have a mobile security policy defined is surprising. They know they need to manage mobile devices in the enterprise, but have no idea where or how to implement it. A sound policy is the very foundation.”

The most sensible way to address the burgeoning bring-your-own-device and bring-your-own-app trends is to first define a policy around their usage and then deploy an effective mobility management solution to enforce that policy. To complement this, Morton recommends a Network Access Control (NAC) device.

“This device allows you to define what devices are allowed to connect to your network, and what they are allowed to access once they are on the corporate Wi-Fi. The NAC can also perform some host checking functions and integrate with a mobility management solution. The mobility management tool can inform the NAC if any suspect applications are on a device, and based on this, access to the corporate network can be limited or removed.”

When it comes to mobility management and security tools, not all are created equal. In a true enterprise mobility management solution, features like Application Risk Management and Threat Management can assist in detecting and remediating mobile malware. Application Risk Management reviews the reputation and security state of applications installed across the device base. Threat Management takes it a step further, allowing for the detection, analysis and remediation of malware on mobile devices across the enterprise.

Morton stresses though that combating mobile malware in an enterprise requires a multi-approach that includes the use of such technologies as well as behavioural change.

“Educating your end users around what malware is, how it works, and how to detect and or remove malware from a device is critical to stamping out mobile malware in an enterprise. Most people believe that if they have a mobile security tool or an anti-virus installed, they are protected. However, while these applications greatly assist in protecting devices, the end user has the final say. They are the ones downloading applications from untrusted sites, or opening malicious links in an SMS. As end users, we need to be more security savvy because remember, all cyber criminals have an agenda.”

For more information contact Securicom at www.securicom.co.za





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
Fastest PCIe Gen 5.0 NVMe SSD
Products & Solutions Infrastructure
Sandisk has unveiled the WD_BLACK SN8100 NVMe SSD with PCIe Gen 5.0 technology, an internal SSD delivering speeds up to 14 900 MB/s and capacities up to 4 TB, with 8 TB solutions available soon.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Unified storage solution
Products & Solutions Infrastructure
CASA Software has announced the local availability of Nexsan’s upgraded unified storage solution, Unity NV4000, which is ideal for mixed workloads, from virtualisation and video surveillance to secure backup and recovery.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Survey highlights cost of cyberdamage to industrial companies
Kaspersky Information Security News & Events
The majority of industrial organisations estimate their financial losses caused by cyberattacks to be over $1 million, while almost one in four report losses exceeding $5 million, and for some, it surpasses $10 million.

Read more...
Digital economy needs an agile approach to cybersecurity
Information Security News & Events
South Africa is the most targeted country in Africa when it comes to infostealer and ransomware attacks. Being at the forefront of the continent’s digital transformation puts South Africa in the crosshairs for sophisticated cyberattacks

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.