Impact of Mobile Devices on Cybersecurity, Essay Example

Cyber Security causes from Mobile Devices

Cyber threats are becoming a dominant and challenging factor for organizations, as it leverages many risks that are constantly changing. Every now and then, there are new security breaches resulting in stolen credit card records, stolen personal information and losses in terms of customer confidence, as well as revenue. No matter how advanced the security controls are, still incidents and security breaches are on the rise. There are numerous cases where IT managers have failed to provide or define adequate security for enterprise wide infrastructure of an organization. Likewise, they emphasize more or external security threats rather than internal vulnerabilities. In this modern era, mobile devices are no more for just receiving and making calls, we are moving towards mobile computing. Likewise, mobile operating systems are under development with more features and bundled applications. Similarly, for handling these advanced operating systems that are rich in features, powerful hardware architecture with quad core and octacore processors is in demand. Besides, there are significant vulnerabilities and hidden risks that are embedded within these rich featured smart phones and tablets. Employees are habitual of using these devices all the time and at the workplace as well. This may lead to significant risks, as these devices are connected to internal wireless local area network/access points that are connected to the organizations computer network. For instance, a malware installs itself within the smartphone or tablet and travels from the smart phone to the rogue access point and then to the targeted machines containing personal identification information. A very popular malware known as ‘flame’ was specially designed to perform surveillance, as it records voice, data, mobile contacts, emails, compromise Bluetooth application for fetching data from Bluetooth connectivity (Hatahet, Bouabdallah, & Challal, 2010). Internal attacks have the highest percentage of threat to the organizations assets rather that the hacker who makes it way from the outside network. As per Gartner, 70% of security incident occur internally i.e. from the organization premises (Dickerson, 2004). Similarly, these devices are used internally within the organization and may result in system compromise if not monitored and controlled properly. Checkpoint conducted a survey of around 800 Information Technology professionals from Germany, United States, Japan, Canada and United Kingdom. The results of the report revealed that almost 90% of IT professionals have mobile devices and almost 65% of them grants access to mobile computing devices to be connected to the organization’s network. Likewise, some of them have more than one mobile computing device running on two different mobile operating systems. As these devices have more than 50% personal data, the impact can be tagged as ‘High’. An administrative control for controlling and monitoring ‘Bring Your Own Device’ BYOD is to create BYOD policy and initiate information security awareness programming to crease awareness in organization’s employees.

However, for minimize risks and vulnerabilities; certification is a key aspect that addresses design, deployment and operational processes. Certification process takes a lot of time and addresses systems that are considered as high availability systems. Likewise, it also addresses patch management issues that frequently updates security patches on systems. There is no way of completely securing a network, system and applications. However, periodic penetration testing and code reviews are conducted by professional security professionals and consultants for exploiting vulnerabilities and security flaws within an application.  It is now considered as a fundamental fact that if any application is connected and operates on the network, it can be exploited and compromised. Organizations are keen to build a layered defense of protection to counter cyber threats from internal and external entities. Likewise, there is a requirement of constantly monitor live traffic from and to the World Wide Web, remote connections, real time interaction of users to applications, Internet gateways and client interactions with the applications. Code reviews are essential, as patches from vendors must be tested first before implementation into the live environment. However, for effective implementation of patches, patch management practices must be documented and standardized.

Likewise, there are efficient tools available for performing effective patch management. Secondly, configuration management also plays an essential role for ensuring security for mission critical aviation applications. For instance, if a faulty hardware component is replaced with the new one, it is important to address issues with hardware compatibility, as any mal functioned device may introduce vulnerability. Thirdly, change management procedures must also be document and approved from the respective application owners prior any changes to the application. For instance, change request form requiring any changes within the application can be approved and documented for ensuring no vulnerable spots in the architecture and infrastructure. All the identified attack interfaces must be addressed by taking following factors into consideration (Mitigating security threats by minimizing software attack surfaces.2008):

• Uninstall and prevent unnecessary features
• Default utilities and programs that are installed within the operating systems must be utilized (If required)
• Strong access management by user authentication
• Remove all default passwords on the application server
• Configure only required protocols on the application server
• Limiting the unnecessary codes from the application
• Applying metrics to measure the attack surface on periodic basis
• Disabling unwanted protocols on the application server

References

Dickerson, C. (2004). The top 20 IT mistakes. InfoWorld, 26(47), 34.

Hatahet, S., Bouabdallah, A., & Challal, Y. (2010). A new worm propagation threat in BitTorrent: Modeling and analysis. Telecommunication Systems, 45(2), 95-109. doi:10.1007/s11235-009-9241-2

Mitigating security threats by minimizing software attack surfaces.(2008). Computer Economics Report, 30(5), 15-19.