Many years ago, I wrote several whitepapers for a company that made security products for network engineers. These engineers were tasked with protecting corporate networks, in part by identifying “rogue devices” on the network, which the security products helped them find. Back then, a rogue device usually meant a cell phone or laptop an employee brought from home and used on the network, putting the network at risk by circumventing firewalls and giving hackers access.
It seemed so high-tech back when I was writing those whitepapers, but that was a decade ago, and those same network engineers probably wish their lives were so easy now! Today mobile devices are so prolific, they’re almost an extension of our bodies and employees expect to be able to use them for work—even when they’re not at work. At the same time, companies continue to be lax in enforcing solid measures to protect their data and networks, despite the proliferation of mobile devices and the new mobile workforce.
Which throws one more cog into the already fast-moving wheel of cyber security: mobility.
Granted, it’s not just mobile devices that are compromising security and increasing risk. There’s also the simple fact that cyberattacks continue to increase each year. According to Statista, known data breaches in the U.S. went from 157 in 2005 to 1,579 in 2017. That’s a tenfold increase! Ransomware has made a huge jump in volume as well, with almost twice as many ransomware attacks in 2017 (160,000) as compared to the previous year (82,000).
It’s not just the compromising of data that’s the issue here. These attacks cost businesses money—a lot of money. Cybercrime is a global problem that could add up to $6 trillion in costs worldwide by 2021. Cybersecurity Ventures says this increase in cyberattacks “represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined.” The situation is so dire that the World Economic Forum (WEF) launched a Global Centre for Cybersecurity earlier this year.
When the number of cyberattacks is increasing at a rapid pace and so is the use of mobile devices, we’re headed towards a perfect storm. It’s so bad that one article says mobile cyber security is already a “hellish nightmare” that’s getting worse. As Nick Ismail says in an article at Information-Age.com, “…mobility is the new front line for security as businesses weigh the advantages of an increasingly mobile workforce against the need to protect sensitive information in today’s complex cyber security landscape.” How bad is it? We now have a Journal of Cyber Security and Mobility that’s published quarterly.
Why is mobility such a problem for cyber security? It shouldn’t be. But neither users nor employers are taking the necessary steps to defend businesses against attacks made possible by our handy smart phones and tablets.
Back when I was writing those whitepapers mentioned above, the network engineers called personal cellphones and laptops “rogue devices” because they didn’t want them used in the workplace—hence the term rogue. Today most companies have a Bring Your Own Device (BYOD) policy, and it’s assumed that employees will be using their personal smart phones, tablets and laptops to do work and access the corporate network. In addition, the workforce is much more mobile today than it was 10 years ago, and people are regularly working from a remote location.
And all that opens up several ways in for hackers. Kaspersky Labs describes seven ways employees’ mobile devices put corporate networks at risk:
However, we can’t place all the blame on the employees. Poorly done cryptography and app development that compromises security for speed are beyond the control of the user. But the organizations that employ these mobile device users are also at fault. This is in part because businesses are knowingly compromising security for financial reasons: The Verizon Wireless’ annual Mobile Security Index found that “approximately one-third of organizations have knowingly sacrificed security for expediency or business performance.”
Organizations are also at fault because they simply fail to act. Of those 162,000 ransomware attacks in 2017 mentioned above, 93 percent could have been prevented by keeping up with software updates, blocking fake emails, and training employees to recognize phishing attacks, according to the Online Trust Alliance.
And then there’s the shortage of cyber security professionals adding to the problem. Perhaps more organizations would take the steps to secure their infrastructures and data if they had the staff to do so.
Obviously, we have a cyber security crisis that’s intensified by the mobility of today’s workforce. And we know cyberattacks will only increase in intensity. The result? The corporate world needs more people trained in cyber security—now. We already have a shortage of trained professionals. At the time of this writing, Cyberseek.org showed over 300,000 job openings in cyber security just in the U.S. Worldwide, experts predict we’ll have 3.5 million unfilled jobs by 2021.
If you’re considering a career in cyber security, your possibilities are endless and your future is secure. Plus getting started is easy. All kinds of cyber security certifications can be earned to launch your career. Most importantly, the world needs you, desperately, to fight cybercriminals and defend corporations and consumers alike. Ten years ago, it was a simple fight against “rogue devices.” Today the situation is dire, a “hellish nightmare” as we try to prevent the perfect storm from happening. Can you help to fight the good fight?
Name | Date | Place | |
---|---|---|---|
CISSP®- Certified Information Systems Security Professional | 6 Feb -28 Feb 2021, Weekend batch | Your City | View Details |
CISSP®- Certified Information Systems Security Professional | 15 Feb -8 Mar 2021, Weekdays batch | Atlanta | View Details |
CISSP®- Certified Information Systems Security Professional | 26 Feb -20 Mar 2021, Weekdays batch | Washington | View Details |
Stuart Rauch is a 25-year product marketing veteran and president of ContentBox Marketing Inc. He has run marketing organizations at several enterprise software companies, including NetSuite, Oracle, PeopleSoft, EVault and Secure Computing. Stuart is a specialist in content development and brings a unique blend of creativity, linguistic acumen and product knowledge to his clients in the technology space.
CISSP®- Certified Information Systems Security Professional
*Lifetime access to high-quality, self-paced e-learning content.
Explore Category