THE CONVERGENCE OF INFOSEC & MOBILE FUELING THE NEXT WAVE OF CYBERSECURITY FOR TODAY’S INTERCONNECTED WORLD
PUBLISHED JANUARY 2019
INTRODUCTION
Mobile devices have become so ubiquitous that we hardly think of them as one of the most pressing threats to enterprise cybersecurity.
Gone are the days of company-provided (and controlled) Blackberry phones. With the explosion of the Internet of Things (IoT), our work and personal lives are now synchronous. This shift has been highly influenced by the consumerization of IT, where consumer-designed technology is shaping the way we conduct business and interact with one another in the workplace.
Consequently, the once-buzzworthy term — BYOD — is now the norm. A recent survey by B2B research firm, Clutch, reported that 86 percent of employees view and send work emails via their personal 1 WHAT DO EMPLOYEES ACCESS ON COMPANY-APPROVED DEVICES? devices. Another 67 percent access shared, potentially confidential documents on their Email smartphones. ��� This represents a major conundrum for IT and Calendar InfoSec professionals who must account for two ��� to three times the number of connected devices Shared documents than before BYOD became the standard. ��� Each one of these endpoints represent another Proprietary company apps vulnerability for cybercriminals to infiltrate, ��� gaining access to personally identifiable Company messaging information and company systems. And, security ��� vulnerabilities and potential data leakage are
� 2� 4� 6� 8� ��� only getting worse for businesses of all sizes, in all industries. Source | Clutch, May 2018
1 How Employees Engage with Company Cybersecurity Policies, Clutch
The Convergence of InfoSec & Mobile | © 2019 Sontiq, Inc. All Rights Reserved. 2 Following the Equifax mega breach and numerous others, 2017 was coined ALWAYS-ON: by many, “the year of the breach.” It was hard for most to believe that such devastating security incidents would continue at such a rapid pace. However, as THE DATA more devices, apps, technologies, and interconnected systems emerge daily, there has been no sign of cybercrime slowing down. In fact, the opposite is true.
DELUGE Gemalto’s Breach Level Index2 reports that 3.35 billion records were stolen, lost, or compromised in the first half of 2018. That is a 72 percent increase over the same CONTINUES time period in 2017. Identity theft was the motive behind 65 percent of breach IN 2019 incidents, with malicious outsiders at the source of 56 percent of all breaches. While securing traditional corporate systems remains a priority, Mobile Threat Defense falls behind in cybersecurity investment despite being a major source of security breaches. But why? Source | Gemalto Breach Level Index H1 2018
TURNING A BLIND EYE IT security professionals rank mobile devices as the hardest enterprise asset to defend.3 Yet, when we look at the statistics from Verizon’s Mobile Security Index, it seems that cost and convenience has outweighed information security concerns.4
• Companies are sacrificing mobile security for expediency and business performance | And, they know it. In fact, these same companies are more than twice as likely to have experienced data loss or downtime (45 percent compared to 19 percent).
• Recognizing the danger | Mobile device security prompted almost all respondents (93 percent) to agree that mobile devices present a serious and growing security threat.
• Despite mobile security awareness, many are failing to take basic precautions | Only 39 percent said they change all default passwords and over half (51 percent) didn’t have a public Wi-Fi policy.
• Most know they need to take more action | A staggering 93 percent agreed that organizations should take mobile security more seriously.
2 Breach Level Index H1 2018, Gemalto
3 2018 Annual Cybersecurity Report, Cisco
4 Mobile Security Index 2018, Verizon
The Convergence of InfoSec & Mobile | © 2019 Sontiq, Inc. All Rights Reserved. 3
MOBILE TAKEOVER
There is no mistaking that society has gone mobile. Mobile device web traffic has now overtaken that of desktop. In 2018, 52.2 percent of all web traffic worldwide was generated from mobile devices.5 And, as of 2017, more than 180 billion apps were downloaded from the App Store® alone.6
PERCENT OF WEB TRAFFIC GENERATED FROM MOBILE DEVICES 6��
����� ����� 5��
�����
4�� �����
3�� �����
2�� �����
����� ��� ���� ���� ���� �� 2��9 2��� 2��� 2��2 2��3 2��4 2��5 2��6 2��7 2��8
Source | Percentage of all global web pages served to mobile phones from 2009 to 2018, Statista
As these devices continue to get smarter and more dynamic, people are relying more than ever on their smartphones and tablets to accomplish daily tasks, make purchases, entertain themselves, and communicate in new ways.
An enormous amount of data, including CONSUMERS FLOCK TO MOBILE personal and payment information, is being transmitted by mobile devices across • Consumers spend more than 5 hours a day on their potentially unsecured networks. Considering smartphones people are generally more trusting of mobile technology, the scammers, hackers, and • In 2017, 61% of email opens occurred on mobile identity thieves are taking notice.
• People have 2x more interactions with brands on Now, more than ever, it’s critical for individuals and enterprises alike to get mobile than anywhere else serious about securing the mobile • Apps account for 89% of mobile media time devices of themselves, their employees, and partner organizations.
Source | 75+ Mobile Marketing Statistics for 2018 and Beyond, Blue Corona
5 Percentage of all global web pages served to mobile phones from 2009 to 2018, Statista
6 Cumulative number of apps downloaded from the Apple App Store from July 2008 to June 2017, Statista
The Convergence of InfoSec & Mobile | © 2019 Sontiq, Inc. All Rights Reserved. 4 WHEN TWO WORLDS COLLIDE: INFOSEC & MOBILE
The smartphones we hold in our hands and store in our pockets are more powerful than CPUs of the not-so-distant past. While this mobile power has shaped our behavior and made us more efficient, it has also exposed us to cyberattacks from new angles. All the same threats that cybercriminals impose on a PC can be replicated for mobile devices, and new attack methods are being hatched every day. The Stakes Have Never Been Higher In 2018, the average cost of a data breach in the U.S. is $7.91 million — an eight percent increase over the year prior.7 That’s a frightening proposition SIX MOBILE THREATS for any business, but what’s even scarier is that mobile devices are now a TO BUSINESSES & primary gateway to corporate breaches and identity theft. In fact, 74 percent CONSUMERS IN 2019 of IT leaders believe a mobile security vulnerability has led to their organization 1. SMS Phishing experiencing a data breach.8
2. Malware However, the fallout from a data breach goes well beyond monetary considerations. A security incident can permanently damage the trust and 3. Ransomware credibility of a brand in the view of its customers and partners — especially when it’s likely their information was exposed. Then companies have to worry 4. Unsecured Wi-Fi networks about the fact that one in three data breach victims later go on to experience 5. Unsecure messaging apps identity crimes, further damaging those relationships.9
6. Lost or stolen devices With Great Risk Comes Great Opportunity Breaches often occur because of employee negligence. For example, if someone were to download a mobile app with malicious code, such as a Trojan, it could cause the user to inadvertently and even unknowingly provide a hacker access to view and transfer their data. Corporate DATA BREACH COSTS BY INDUSTRY credentials could even be revealed. �ealth ���� A phishing scam is another example, �inancial ���� Services ���� where all it takes is one wrong tap to open �harmaceuticals ���� a virus-laden download link. And, users �echnology ���� are three times more likely to click on a �nergy ���� 10 �ducation ���� phishing email via mobile. �ndustrial ���� �ntertainment ���� This constant mobile threat presents a �onsumer ���� tremendous opportunity for IT and InfoSec Media ���� professionals to not only implement �ransportation ���� �ommunication ���� training programs for their employees, �ospitality ���� but to use the statistics in this whitepaper �etail ���� to justify a higher cybersecurity budget in �esearch ��� �ublic ��� 2019 and beyond.
�� �5� ���� ��5� �2�� �25� �3�� �35� �4�� �45�
SOURCE | The 2018 Cost of a Data Breach 7 The 2018 Cost of a Data Breach Study, Ponemon Institute Study, Ponemon Institute 8 Buying into Mobile Security, IDG
9 2018 Identity Fraud: Fraud Enters a New Era of Complexity, Javelin
10 The Rise of Mobile Phishing Attacks and How to Combat Them, CSO
The Convergence of InfoSec & Mobile | © 2019 Sontiq, Inc. All Rights Reserved. 5 MOBILE THREAT DEFENSE: AN INTEGRAL ASSET FOR IT
Despite IT’s best efforts, staying ahead of cybercriminals can seem like a futile task. Employees are bringing their own devices to work, telecommuting, browsing social media, downloading apps, and sending work-related communications while on-the-go. This behavior leaves organizations more vulnerable to cyberattacks than ever.
That’s why it’s critical to leverage tools and software that empower an IT team to identify potential threats before they escalate into a security vulnerability or data breach. A comprehensive approach that monitors all devices, while also taking into consideration the associated threats that may arise, is essential.
The pairing of our Identity Theft Protection with our Mobile Defense Suite™ alerts enterprises to mobile threats accessing their system, while also providing individuals with control over securing their personal devices. As a result, users get complete peace of mind that if their personal information were compromised, they have best-in-class support to fully recover their good name.
Built on the foundation of an award-winning mobile app powered by EZShield, a Sontiq brand, Mobile Defense Suite focuses on four key components to mitigate threats for the entire digital footprint:
AN AWARD-WINNING MOBILE APP Recently earning the 2018 BankNews Innovative Solutions Award for Best Authentication/Fraud/Cybersecurity Solution, the EZShield mobile app provides anywhere, anytime access to all the monitoring and reporting behind protecting an individual’s personal information and identity.
The Convergence of InfoSec & Mobile | © 2019 Sontiq, Inc. All Rights Reserved. 6 Mobile Attack Control™
This solution signals through comprehensive device scanning if an individual’s mobile device has been compromised. These threats may include rogue applications, spyware, and alerting around unsecured Wi-Fi connections (another way to distribute malware) and even fake networks (i.e., network spoofing).
Mobile Attack View™
An enterprise Dashboard for IT and InfoSec Teams provides a single-source view of mobile threats to your customer or employee population on your system that may need action in order to lock down specific devices and identify a potential security risk or incident.
Mobile Attack Recovery™
Provides consumers and individual users with steps for remediation and white-glove restoration if an incident does lead to an identity theft incident. More information about EZShield Restoration services can be found here.
At a glance view Detailed notification Click-to-call to gain instant access of most recent that malware has to in-house, U.S. call center to assist mobile threats. been detected with with threat resolution (our Mobile actionable next steps. Attack Recovery service).
The Convergence of InfoSec & Mobile | © 2019 Sontiq, Inc. All Rights Reserved. 7
PROTECTING YOUR BUSINESS’ MOST CHERISHED ASSETS
ADDITIONAL By not implementing any protocols around mobile security at your organization, RESOURCES you’re all but guaranteeing a data breach will occur — leading to massive financial losses, reputational damage, identity theft incidents, and scrutiny from government bodies.
SMALL BUSINESS If you’re concerned about cyberthreats infiltrating your company’s systems, let IDENTITY THEFT IS BIG BUSINESS FOR one of our experts walk you through the features of Mobile Defense Suite to see FRAUDSTERS
How to Keep Your Business, Employees, if it makes sense for protecting your employees, customers, and partners. and Customers Safe from Cybercrime
“ By embracing a new, powerful combination of
PUBLISHED JANUARY 2019 identity theft protection with mobile security — where previously protecting mobile devices was only seen through the lenses of vulnerability 3RD ANNUAL EDITION management, anomaly detection, and intrusion The 2018 Field Guide to Identity Crime The Financial Institution’s Guide to Protecting prevention — we're delivering on our Account Holders in 2019 promise to safeguard the entire individual identity digital footprint.”
Rich Scott | Chief Revenue Officer |Sontiq
SUBSCRIBE TO FIGHTING IDENTITY CRIMES FOR WEEKLY UPDATES ON PERSONAL PROTECTION, SMALL BUSINESS PROTECTION, BREACH AND SCAM NEWS, AND IDENTITY PROTECTION RESOURCES.
The Convergence of InfoSec & Mobile | © 2019 Sontiq, Inc. All Rights Reserved. 8 Schedule a Check out our suite of Give us a call at Sign up for the Demo products online 1-888-6-SONTIQ EZShield newsletter
ABOUT SONTIQ Sontiq, headquartered in Nottingham, MD, is a high-tech security and identity protection company arming businesses and consumers with award-winning products built to protect what matters most. Sontiq’s brands, EZShield and IdentityForce, provide a full range of identity monitoring, restoration, and response products and services that empower customers to be less vulnerable to the financial and emotional consequences of identity theft and cybercrimes. Learn more at www.sontiq.com or engage with us on Twitter, Facebook, LinkedIn, or YouTube.
The Convergence of InfoSec & Mobile | © 2019 Sontiq, Inc. All Rights Reserved. 9