Mobile Device Security: Threats, Governance, and Safeguards Larry - PowerPoint PPT Presentation

  1. April 2016
     Mobile Device Security: Threats, Governance, and Safeguards
     Larry G. Wlosinski, CISSP, CAP, CCSP, CISM, CISA, CRISC, CBCP, CDP, ITIL v3
     L_Wlosinski@Hotmail.com

  2. Larry G. Wlosinski, CISSP, CAP, CCSP, CISM, CISA, CRISC, CBCP, CDP, ITIL v3
      Federal Government Experience (25+ yrs.)
       ◦ EPA, NIH, CMS, DOJ, DHS, DOE, DIA, NOAA, SSA
      Commercial Industry Experience (14 yrs.)
       ◦ Insurance, International & Interstate Banking, Collections, Small Business
      Consulting Experience
       ◦ Veris Group, LLC – Senior Associate
       ◦ Computer Sciences Corp. (CSC) – Section Manager
       ◦ Lockheed Martin – IT Security Manager
       ◦ Booz Allen Hamilton (BAH) – Associate
       ◦ And others – Sr. IT Security Engineer, Project Manager, etc.
      IT Security Expertise (16+ yrs.)
       ◦ Cybersecurity
       ◦ IT Security Assessments (C&A/A&A, Risk, Audit)
       ◦ Continuity Planning (OEP, BIA, ISCP, COOP, DRP, Devolution, etc.)
       ◦ Cloud Security
       ◦ Policy, Procedures, Guidance, Standards, Templates, Checklists
       ◦ Incident Response & Planning

  3. Agenda
      Current State of Mobile Security
      Threats
      Vulnerabilities
      Risks
      Governance
      Safeguards

  4. Objectives
      Provide information about the current state of mobile security
      Present the threats to mobile devices
      Present the common device vulnerabilities
      Provide an understanding of the risks associated with mobile devices
      Provide governance advice
      Provide a list of safeguards and best practices

  5. Current State of Mobile Security
     Most Commonly Used Mobile Platform
     Insider Security Metrics
     The Impact of Mobile Devices on Information Security: A Survey of IT Professionals
     Mobile Security Incidents Are Very Expensive
     BYOD Grows Quickly and Creates Problems for Organizations
     State of Mobile App Security – Financial Services, Retail, Health/Medical
     5 Myths About Mobile Security and Their Realities
     7 Security Mistakes People Make With Their Mobile Device
     Top 8 Enterprise Mobility Security Issues
     Greatest Security Concerns

  6. (no text extracted from this slide)

  7. Insider Security Metrics

  8. The Impact of Mobile Devices on Information Security: A Survey of IT Professionals
     Increasing numbers of mobile devices connect to corporate networks
      93% have mobile devices connecting to their corporate networks
      67% allow personal devices to connect to corporate networks
     Customer information on mobile devices causes security concerns
      53% report there is sensitive customer information on mobile devices, up from 47% last year (2012)
      94% indicate lost or stolen customer information is a grave concern in a mobile security incident
     http://www.checkpoint.com/downloads/products/check-point-mobile-security-survey-report2013.pdf

  9. Mobile Security Incidents Are Very Expensive
      79% report mobile security incidents in the past year
      52% of large companies say the cost of mobile security incidents last year exceeded $500,000
      45% of businesses with fewer than 1000 employees reported mobile security incident costs exceeding $100,000
      49% cite Android as the platform with the greatest perceived security risk (up from 30% last year), compared to Apple, Windows Mobile, and Blackberry
      66% say careless employees are a greater security risk than cybercriminals
     http://www.checkpoint.com/downloads/products/check-point-mobile-security-survey-report2013.pdf

  10. BYOD Grows Quickly and Creates Problems for Organizations
      Among companies that allow personal devices to connect to corporate networks:
       96% say the number of personal devices connecting to corporate networks is growing
       45% have more than five times as many personal mobile devices as they had two years ago, an increase from 36% last year
       63% do not manage corporate information on personal devices
       93% face challenges adopting BYOD policies
       Securing corporate information cited as the greatest BYOD challenge (67%)
      http://www.checkpoint.com/downloads/products/check-point-mobile-security-survey-report2013.pdf

  11. State of Mobile App Security
      Arxan analysis of the top 100 paid and top 20 most popular free apps reveals that a majority have been hacked:
       97% of top paid Android apps have been hacked
       87% of top paid iOS apps have been hacked
       80% of the most popular free Android apps have been hacked
       75% of the most popular free iOS apps have been hacked
      https://www.arxan.com/wp-content/uploads/assets1/pdf/State_of_Mobile_App_Security_2014_final.pdf

  12. State of Mobile App Security
      In Financial Services:
       Research has shown that hacking or malware has been the predominant method of credit card data breaches that occurred from 2005 to 2014
       Most apps have been hacked. The research of top financial apps reveals that:
        ◦ 95% of Android apps have been hacked
        ◦ 70% of iOS apps have been hacked
       The research also reveals a growing trend of financial app hacking
        ◦ Android app hacking increased from 76% to 95%, from 2013 to 2014
        ◦ iOS app hacking increased from 36% to 70%, from 2013 to 2014
      https://www.arxan.com/wp-content/uploads/assets1/pdf/State_of_Mobile_App_Security_2014_final.pdf

  13. State of Mobile App Security
      In Retail:
       The study of top retail apps reveals that:
        ◦ 90% of Android apps have been hacked
        ◦ 35% of iOS apps have been hacked
      In Healthcare/Medical:
       Hacks are on the rise. A separate analysis revealed that 42% of total records compromised so far in 2014 were from medical and healthcare organizations
       Similarly, our research shows that many sensitive medical/healthcare apps have been hacked – 90% of Android apps have been hacked; 22% of these apps were FDA approved apps
      https://www.arxan.com/wp-content/uploads/assets1/pdf/State_of_Mobile_App_Security_2014_final.pdf

  14. 5 Myths About Mobile Security and Their Realities
      1. Mobile devices don't store sensitive corporate data.
      2. Strong authentication schemes, password management controls, and device PINs are sufficient to prevent unauthorized access.
      3. Users are running the latest versions of iOS and Android, so they're up to date with bug fixes and other security patches.
      4. Public app stores like Apple's App Store and Google's Play are safe sources, because they verify apps and block malware.
      5. Secure access is not possible using a public Wi-Fi network.
      http://www.csoonline.com/article/2133887/privacy/five-myths-about-mobile-security-and-their-realities.html

  15. 7 Security Mistakes People Make With Their Mobile Device
      1. Failing to lock down your device
      2. Not having the most up to date (and therefore the most secure) versions of your apps
      3. Storing sensitive, work-related data on an unauthorized device
      4. Opening questionable content
      5. Not adhering to your company's social media policies
      6. Not equipping employees' devices with some form of MDM or encryption
      7. Using public or unsecure Wi-Fi
      http://www.csoonline.com/article/2131323/data-protection/134543-7-security-mistakes-people-make-with-their-mobile-device.html

  16. Top 8 Enterprise Mobility Security Issues
      1. Inadequate control over lost/stolen devices
      2. Users who don't follow mobile policies
      3. Rogue apps and malware
      4. Poor separation of work and personal content and apps
      5. Limited protection for data at rest and in transit
      6. Difficulty monitoring the entire mobile fleet
      7. Challenges with compliance and flexibility (meeting the needs of all users)

  17. Greatest Security Concerns*
      1. Policies that do not make business sense
      2. Policies not implemented properly by mobile/endpoint IT teams
      3. Policies not implemented properly by data centers, operations
      4. Abuse of policies (e.g., downloading apps)
      5. Device access into corporate network
      6. Unknown, unauthorized, unmanaged mobile devices accessing the network
      7. Data loss due to theft of mobile device (other than laptop)
      8. Unauthorized data distribution from mobile device
      9. Authorized devices introducing malware into network
      10. Data loss due to inadvertent loss of mobile device (including laptop)
      11. Data loss due to laptop theft
      *CISO Executive Briefing: Building an effective Mobile Security Governance Program (7/20/11)

  18. Threats
      Mobile Device Threats
      Malicious Mobile Applications
      10 Trickiest Mobile Security Threats
      Mobile Threats to Protect Against
      Software-Based Threats
      Threats from Exploitation of Vulnerable Mobile Operating System
      Web-Based Threats
      Network-Based Threats
      Physical Threats
      Mobile Device Threats to the Enterprise
      User-Based Threats
      Service Provider-Based Threats
      High-Level Threats and Vulnerabilities
      Government Mobile and Wireless Security Baseline

  19. Mobile Device Threats
      Type               Category
      Application-based  Malware; Spyware; Privacy threats; Vulnerable applications
      Web-based          Phishing scams; Drive-by downloads; Browser exploits
      Network            Network exploits; Wi-Fi sniffing
      Physical           Lost or stolen devices
      https://www.lookout.com/resources/know-your-mobile/what-is-a-mobile-threat
