From JP Morgan to Home Depot to Sony, 2014 saw digital attacks that were unprecedented in both impact and sophistication. As we look ahead, mobility is the perfect breeding ground for attacks in 2015. We rely on mobile devices and apps more than ever. They are always connected and increasingly hold our most sensitive financial and personal information.
Here are four mobile security trends to watch in 2015:
Attackers will look to apps. With the emergence of Wirelurker and the Masque Attacks on iOS, app threats are no longer exclusive to Android. With organizations on high alert, we will see businesses embrace App Reputation Services and Mobile Threat Prevention solutions to go beyond identifying OS compromise to spot malicious and risky apps. These solutions will continue to leverage enterprise mobility management (EMM) solutions to take action to mitigate malicious apps and devices, through quarantine and selective wipe.
Open WiFi will remain low-hanging fruit. As long as free WiFi exists, users will continue to use it, unaware of the risks. Enterprises that support mobile devices will adopt certificate-based authentication to provide mutual authentication and proactively deter interception and man-in-the-middle attacks.
Retailers will embrace Mobile POS. From a security perspective, 2014 was a tough year for some very prominent retailers. Attackers exploited vulnerabilities in legacy point-of-sale (POS) technology to the chagrin of retailers and consumers alike. With the deadline quickly approaching for merchants to meet PCI DSS 3.0 requirements by January 1, 2015, retailers now have another reason to fortify their deployments. As retailers replace legacy POS terminals to support EMV, more and more will devote budget to mobile POS to improve the customer experience, offer line-busting, improve security, and save money. In addition, the PCI Council has stated “EMV is not a silver bullet” for preventing a breach. The PCI Council also recommends P2PE (Point-to-Point Encryption) and “device management services.”
The network edge will continue to blur. In 2015, organizations will begin incorporating mobile context into their security strategies. As mobile becomes ubiquitous, firewalls, IPS, malware protection systems, and other legacy technologies will not be equipped to protect corporate information in mobile environments. Security organizations will need a better view into the security context of devices, apps, and mobile networks to automate security controls for protecting corporate data. As data increasingly exists on mobile devices and in the cloud, solutions that can secure and separate corporate clouds and personal clouds will gain traction.
The bottom line is that 2015 will see attackers focused more on mobile attacks. As a result, organizations will scramble to fortify their deployments. To quote Sun Tzu’s Art of War, "So in war, the way is to avoid what is strong and to strike at what is weak." It will be important for organizations with mobile deployments to ensure their security strategy covers the weaknesses that remain in many deployments. "The art of war teaches us to rely, not on the likelihood of the enemy’s not coming, but on our own readiness to receive him." Ensure your defenses are up for 2015. The security technology exists and it's time to embrace it.Michael T. Raggo has over 20 years of security research experience. His current focus is social media threats impacting the enterprise. Michael is the author of "Mobile Data Loss: Threats & Countermeasures" and "Data Hiding: Exposing Concealed Data in Multimedia, Operating ... View Full Bio