With about 80% of companies embracing BYOD (Bring Your Own Device), mobile security is now a top priority at most companies. Watch this 30-minute live webcast where we will talk about the recent research we have performed to find the top 7 mobile security threats. You will also come away with mitigation tactics for each threat.
To download a free Mobilisafe demo, click here:
http://information.rapid7.com/mobilisafe-demo.html?LS=1428723&CS=Web
Top 7 Mobile Threats Webinar
1. Top 7 Mobile Security Threats
Giri Sreenivas
VP/GM, Mobile
2. Agenda
Review prioritized threat list
• Lost/Stolen Devices and Terminated Employees
• Jailbroken Devices
• Trojans + Malware
• User Behavior with apps
• Promiscuous apps
• Phishing
• Man In The Middle
Q+A
3. Lost/Stolen Devices + Terminated Employees
State
• 35% of mobile devices are lost or stolen
  - #1 type of crime in urban centers like NYC
• Devices are replaced every 18 months on average
• > 50% of terminated employees did not feel it was wrong to steal corp data
Consequences
• Leakage of corporate data without adequate security controls like PINs, encryption and remote wipe
4. Jailbroken Devices
State
• 5% of iOS devices jailbroken
• Comparable percentage of Android devices are jailbroken
Consequences
• No trustworthy data security mechanisms on the device
  - Encryption
  - Security policies like PINs
• Correlated with presence of higher risk applications
  - Access to untrusted app stores for iOS
5. Trojans + Malware
State
• Well controlled in iOS app store, room for improvement with Google Play
• 3rd party app stores pose dramatically increased risks
  - Chinese botnets
  - Bad Pigs vs. Bad Piggies
• Apps/games carrying malware that exploits operating system vulnerabilities are the ones to really be worried about
Consequences
• Data leakage
6. User Behavior With Apps
State
• BYOA – Bring Your Own App. Dropbox, Evernote, etc.
• Employees are finding the best apps to solve their work problems, many of which have not been vetted by IT/Security teams
• Dropbox vs. Box
Consequences
• More highly productive employees
• Data leakage, typically to cloud-based services
7. Promiscuous Apps
State
• Apps request permissions to get access to sensitive corporate data like address book contacts and calendar events
• Recent versions of LinkedIn, Path, Evernote, etc.
Consequences
• Corporate data is inadvertently leaked to cloud-based services without any visibility or awareness for IT and Security teams
8. Phishing
State
• Occasionally referenced as smishing
• Inbound SMS and emails that elicit end user disclosures of sensitive data
Consequences
• Jailbroken devices
• Leaked credentials
9. Man In The Middle Attacks
State
• Caps on data plans motivate WiFi usage, including heavy reliance on insecure networks
• Majority of tablets are WiFi only
Consequences
• Difficult to detect capture of sensitive data, including credentials, by 3rd parties
10. Mobile Risk Management is a lean, enabling approach to addressing these top 7 mobile threats
Check out a demo of Mobilisafe
• http://demo.mobilisafe.com
Q + A