In-person conferences are back! In March, the SyncDog team had the opportunity to attend the Golf Information Security Expo and Conference (GISEC) in Dubai. GISEC is known for gathering the top cybersecurity enterprises from all over the world, along with CISOs from major corporations, at the Dubai World Trade Center. We were excited to finally meet in-person—with new and existing partners, customers, and prospects—once again to discuss and decisively lead cybersecurity transformations across sectors and nations. Since the pandemic hit back in 2022, the cybersecurity landscape has drastically changed, with new threats emerging, usage patterns changing, and “work from anywhere” drastically changing the security perimeter leaving security professionals facing unprecedented challenges. Being able to gather together and discuss these threats and challenges allows us to take the necessary steps to collaboratively reduce the risks and obstacles commonly faced.
For those that couldn’t attend, here are three key themes and topics we observed:
Threats are becoming more sophisticated, but mobile security hasn’t changed:
Mobile devices are quickly becoming a primary target for bad actors. As hackers become more sophisticated, they have found ways around security measures to hack into the phone – many times finding ways to access the keystore/keychain – the “vault” that holds all the crypto keys and passwords to your accounts and apps. This year alone, we’ve watched extremely stealthy spyware, the notorious Pegasus spyware among others, which can access all areas of devices without any action required by the user, such as clicking on a link or the like, while going undetected and stealing the most sensitive data and personal information.
The alarming reality is that many organizations rely solely on their operating systems’ built-in security measures, which have proven time and time again that they are not sufficient enough to protect against advanced threats. Yes, both android and iOS cellular devices have some measures built into the phone to help protect the device, however, they are limited in the protection they can provide. When it comes to protecting corporate data on mobile phones, especially when the device is rooted or jailbroken, these preemptive measures will fall short every time.
We’ve also seen a rise in man-in-the-middle attacks, which can happen to any system, including mobile devices. When a man-in-the-middle attacks a mobile phone, the threat actor gains the ability to track the device’s location, eavesdrop on conversations and intercept and manipulate text messages on the victim’s phone. While these kinds of attacks have been around for a while, they are more in the spotlight than previous years and many organizations are finding that it is becoming harder to prevent them. It is easy for hackers to gain access to devices when end users are on their phones constantly, connecting to different websites and wifi networks.
MDM is on the outs:
Mobile device management (MDM) is a widely popular tool used to manage the activity of employees on company devices and to provision workflow tools. MDM is a valuable tool, but many organizations have mistakenly used MDM solutions as their primary mobile security solution, and unfortunately, it is not a tool designed for protecting mobile data. There are many limitations to the levels of security that MDM can provide, and with the nature of today’s dynamic and advancing threats, MDM simply cannot keep up.
The need for mobile devices in the workplace has steadily increased over the past decade. However, the pandemic forever shifted the way people work. People were suddenly able to work from wherever they pleased, leading to employees moving across states, countries and continents. With permanent remote work policies in place, your employees can now be working anywhere across the globe, and as they continue to work on the go, they are using their personal devices to handle company data. And, that’s where MDM falls short. There is a false sense of security with MDM technology and an accurate concern about personal privacy issues. What companies truly need is a stronger endpoint protection solution to ensure their corporate/government information is safe on employee’s devices and the employees personal email, files and apps are kept private.
Personal privacy regulations are on the forefront:
The overall take away from GISEC is that the dichotomy of data security while respecting personal privacy is at the forefront of everyone’s minds. Without regulations, threat actors are practically allowed to run rampant and there is less safety for individuals and corporations. Data security/privacy regulations are popping up all across the world. The United States government has implemented the CMMC, Cybersecurity Maturity Model Certification, for government contractors to ensure they achieve the necessary verification of their ability to uphold cybersecurity best practices when interacting with controlled unclassified information (CUI). And, while many states have implemented or are making strides with state-level security/privacy laws and regulations, there is no nation-wide guidance like the GDPR in the EU. As the world continues to ingest more and more data and rely on digital technologies, stronger security measures are needed to protect information and ensure data is being used correctly.
—
While mobile security is in the hot seat, SyncDog is primed to help organizations secure their mobile workspaces and combat commonly felt challenges across the globe. SyncDog’s Trusted Mobile Workspace (TMW) is the first fully integrated end-to-end mobile security solution for employees accessing enterprise apps, files, email and data on mobile devices. It’s a modular yet all-in-one mobile security solution from a single vendor, download and administrative console that can be tailored to fit the specific needs of the various roles and responsibilities of your employee base – down to the individual – ensuring security, enhanced productivity and convenience of use.