Enterprise CISOs need to reassess their security policies in the face of a widening array of cyberthreats exploiting mobile devices, says a threat prevention expert.
James Traxel, head of threat prevention at Check Point Software Technologies, points to the rising rate of account takeovers, among other threats, as more users connect to networks through mobile devices.
The threat landscape is changing with more coordinated attacks on specific targets by hacker groups. The uptick of campaign-based attacks means that mobile security concerns should be top-of-mind, he says in a new podcast, produced by CyberScoop and underwritten by Check Point Software Technologies.
He urges CISOs to review outdated policies for these devices while also recognizing the need to address privacy and other concerns of employees:
“You used to see a lot of attacks in focused directly on applications and the weakness within the application, insecure coding, or even deploying or hijacking ad networks. Those are still popular today, but we’ve seen that supplanted by account takeovers – meaning the stealing of credentials,” Traxel says.
“All of us spend many happy hours entering credentials into our mobile devices, and unfortunately most of those credentials tend to be the same, including our corporate credentials. The attackers know that, and they are very eager to get on your device and take those credentials.”
“[First] you need software on the device, or a way to tell what’s actually happening on the device… Then the next step is putting some thought into an actual access policy for the mobile device,” he says.
“[Policy should be] looking at: What should this mobile device actually have access to? What happens if the mobile device is actually compromised, should it still be able to access that actual resource?”
“What you want to do is understand that there is a way to have privacy and security at the same time. So, you really want to examine the offerings in the marketplace to understand who is actually looking at the content on your device, and who is not?” Traxel says.
Listen to the podcast for the full conversation on cyber threats and mobile device security. You can hear more coverage of “IT Security Modernization” on our CyberScoop radio channels on Apple Podcasts, Spotify, Google Play, Stitcher and TuneIn.
This podcast was produced by CyberScoop and underwritten by Check Point Software Technologies.