It used to be a common sight on the street to see people walking along with their mobile phones clenched to their ears. But increasingly this has changed to the view of people heads down, looking at their mobile phone screens as they watch the latest video craze or play with the latest app.
Indeed today’s phones are even getting bigger with larger and better quality screens to enable us to do more things with our mobile devices.
So we cannot be too surprised by the latest Cisco Visual Networking Index published this month which predicts Global mobile data traffic will increase nearly tenfold between 2014 and 2019 to reach 24.3 exabytes per month by 2019. That’s the equivalent of 6,079 million DVDs each month!
The report also forecasts that there will be 11.5 billion mobile-connected devices by 2019 - exceeding the world’s projected population at that time (7.6 billion). In 2014, the number of global mobile devices and connections grew to 7.4 billion, up from 6.9 billion in 2013. Smartphones accounted for 88% of that growth, with 439 million net additions in 2014.
But it isn’t only the amount of devices and data that will increase, the speed of the network is also predicted to increase exponentially from the average mobile network connection speed of 1.7 Mbps in 2014 to nearly 4 Mbps by 2019. By 2016, Cisco predicts the average mobile network connection speed will surpass 2 Mbps.
So with all this increased reliance on mobile devices and more of us choosing to use our tablets and smartphones for work and play, we cannot be surprised that the criminal gangs who dominate cybercrime are also eying the opportunity these new attack vectors present them to make money.
Unfortunately for many organizations, employee-owned mobile devices that access corporate resources are usually outside of the control of the corporate IT function. As a result it can be difficult to identify even basic environmental data for these devices such as the number and type of devices being used, as well as operating systems and applications.
While smart phones, tablets and laptops are becoming our ‘go-to’ devices, creating a boon in productivity, the move towards Bring Your Own Device is increasing security risk to the corporate network and corporate data.
Security of mobile devices is a question of three phases:
- Before – Establishing control over how mobile devices are used and what data they can access or store
- During - Visibility and intelligence is vital if security professionals can hope to identify the threats and risky devices and monitor their activities on the corporate network
- After – When the inevitable happens and the network is compromised by a threat, this is the ability to retrospectively review how that threat entered the network; which systems it interacted with and what files and applications were run to ensure it can be cleaned up as quickly as possible.
One of the fundamental problems IT security professionals face when securing their network and digital assets is establishing Information Superiority - leveraging superior intelligence to identify what needs to be protected and the threats to consider when structuring defences. This becomes particularly challenging in the mobile enterprise. Mobile devices easily connect with third-party cloud services and computers whose security posture is potentially unknown and outside of the enterprise's control. In addition, mobile malware is growing rapidly and further increases the risk.
Increased visibility and control will help businesses to protect against advanced threats that result from mobility and BYOD challenges. By taking advantage of information superiority to identify mobile devices connecting to the network, it is possible to determine whether a device is at risk and then take measures to protect it.
With increased visibility into the number and types of devices connecting to the network (iPhones/iPads, Blackberries, Android devices and more), as well as the applications they are running, Information Superiority and control then allows us to inspect mobile protocols to identify vulnerabilities and stop potential attacks against these devices.
So as we continue to see the evolution of the mobile revolution, we must continue to stay ahead of the threat and develop tools and techniques that provide visibility and control of the new threats these devices open us up to.