As every serious runner knows, preparing for a big race can be a daunting task; it takes time, patience, and determination to succeed. Once the training schedule begins, the runner must be diligent with sticking to the task. By neglecting even one workout, the runner can risk losing progress, and not finish the race.
While sticking to a regime might be difficult for a runner, incorporating mobile security into overall cyber defense plans is an ongoing challenge for Federal agencies. The 2017 Department of Homeland Security’s study on mobile device security found that despite improvements with mobile security, “many communication paths remain unprotected,” leaving Federal networks vulnerable to attacks.
Mobile security is becoming a larger cyber issue, and as new mobile threats continue to emerge daily, critical government data is constantly being threatened.
Always on the Move
When it comes to running, it’s important to switch up your training routine to improve overall conditioning and fitness levels. This also applies to mobile security.
In early January, a fitness tracking app called Strava released sensitive information regarding the location of various government military and spy bases. And, recently, top U.S. intelligence officers issued a warning to Americans to not purchase Chinese-made smart phones, which are now linked to cyber espionage.
Another cyber breach occurred just two weeks ago through the My Fitness Pal app, releasing personal information of over 150 million users including stolen usernames, passwords, and email addresses. Logged workouts and nutrition plans, in addition to log-in credentials have been compromised for millions who were simply looking for a way to meet their fitness goals.
“Phishing attacks, malware, vulnerabilities in operating systems, and overall networks are four areas that need to be better prioritized for Federal agencies when it comes to mobile security,” said Bob Stevens, VP of Public Sector, Lookout. “Increased morale, productivity, and real-time data are all benefits of using mobile devices; but these can also be seen as challenges for security teams. With the right technology to ensure a safe mobile environment, these challenges can be overcome.”
The Federal Trade Commission (FTC) reported 75% of Americans own smartphones and most check their phones four times or more every hour. As more government IT professionals sign into phones or other devices that have access to their personal email, documents, and contacts, the risk for a mobile breach increases exponentially.
As the mobile industry changes, Federal IT teams need to stay agile in order to prevent and mitigate new emerging threats.
Staying Motivated on Rainy Days
There’s a saying: Never do tomorrow what you can do today. While it’s easy to put off a workout on a rainy day, agencies need to keep mobile security front and center.
According to Lookout’s recent study, 44 percent said their organizations had taken no steps toward preventing attacks against mobile and IoT applications. Additionally, the study asked the same respondents how many have experienced a security incident on a mobile device–over half said yes.
Additionally, in the 2016, Presidential Commission on Enhancing National Cybersecurity noted that “mobile technologies are heavily used by almost every organization’s employees, yet security for mobile devices is often not considered as high a priority as security for other computing platforms.”
“The biggest challenge with mobile security is the portability of the device and the pace of technology innovations in the mobile space,” said a Department of Homeland Security Official. “These devices face the same threats as any other IT device (physical, network-based, system-based, or application-based) only now the devices are compact, carried everywhere, and can be lost or stolen.”
From Couch to Marathon?
Although mobile security is a concern, there is not a quick fix–you don’t just run a marathon without months of preparation. Effective mobile security policies and procedures come from a holistic, layered approach. Application security, device security, and network security need to be in-sync to ensure government data stays secure from mobile threats, especially as connectivity continues to grow.
“The primary support the government can provide agencies is to assist them in identifying their highest valued assets and data, provide guidance on proven practice approaches to securing their data and ensure appropriate governance of the IT security practices,” said a DHS official.
Additionally, agencies need to ensure that the most dangerous attack vector is accounted for: The human element. According to Lookout, many Federal employees download unauthorized apps and connect personal devices to agency networks despite policies in place.
To ensure data is secure, government agencies need a more proactive approach to mobile security, including a comprehensive mobile security strategy to protect against catastrophic data loss. Agencies must also create a set of standards and security best practices for mobile application tailored to government. And, agency leadership should invest time to educate employees on mobile security risks, their role in data protection, and the importance of privacy settings.
“The greatest vulnerability is the government doing nothing,” Stevens said. “The bad guys are still trying to get in, and without protection, you leave the gates wide open for attackers.”
And, if you think maintaining cyber fitness is exhausting, CIOs and CISOs across government well remember the pain of the Cyber Sprint…