Story image

Exclusive interview: ESET on protecting the mobile workforce

01 Dec 2017

The Australian and New Zealand cyber security market can expect to see more instances of ransomware, DDoS attacks and attacks against Internet of Things (IoT) devices, says Nick FitzGerald.

FitzGerald is a senior research fellow at ESET, a global IT security company. In Australia, ESET's office is located in Sydney, whereas, in New Zealand, the company is represented by its Auckland-based distributor Chillisoft.  

Now, more than ever before, FitzGerald continues, enterprises will need to increasingly rely on the guidance of security experts - especially with workplace initiatives like BYOD (Bring Your Own Device) and flexible working conditions, such as working from home/public places, creating greater cyber risks. 

"IT security spend on endpoint security programs, 2FA and encryption will likely increase to ensure digital data remains secure."

In this exclusive interview, FitzGerald continues to discuss the state of the Australian and New Zealand cyber security market and what enterprises must do to protect their assets as workplace mobility becomes increasingly mainstream. 

How responsive are Australian and New Zealand businesses to the IT market’s evolving cyber security requirements? How does being mobile change these requirements from traditional, office-based enterprises?

ANZ businesses are at different stages of addressing the security requirements and challenges.

Some businesses adapt quickly, while others are slower to respond as resources vary between organisations and many are already overloaded with digital transformation projects.

Business scalability is often the priority, leading some businesses to address security as an afterthought, rather than considering it during the planning phase. Moving to mobile adds another layer of complexity, as employers and security experts will have to consider cybersecurity beyond the traditional office perimeter.

Now, more than ever before, enterprises need to look further ahead and plan their technology designs based on future business goals, while incorporating current business objectives, and addressing cyber threats as they evolve.

With the workplace mobility on the rise, what cyber security practices should be in place to ensure enterprises and their mobile workforce are protected?

Mobile users have placed particular strain on traditional access management strategies.

Solving those issues has really driven the demand for two- (or multi-) factor authentication systems, and more sophisticated federated identity management and single sign-on authentication services.

Other issues with an increasingly mobile workforce include ensuring that sensitive data is properly handled by being encrypted in-flight and at rest, and managing which apps and services an enterprise’s mobile workforce has access to.

End-user education is possibly even more important for mobile workers, who may have quite different background experiences and attitudes to the use of their personal devices, compared to what may be acceptable with an enterprise-supplied, or corporate-connected BYOD device.

Therefore, driving awareness amongst employees around safe mobile practices is key to protecting a mobile workforce.

How do these increasingly mobile workforces impact and complicate the cyber security practices needed?

Perhaps the largest impact of our increasingly mobile workforce is the loss of the classic “security perimeter”, which was defined in terms of physical locations, firewalls, routers and other pieces of on-site network kit.

Heavily mobile workforces increasingly result in the so-called “borderless enterprise” where security depends more and more on identity and access management and less on concepts such as a network boundary.

Single-sign-on and federated identity management services are increasingly important to ensure only the right people have access to certain data and applications.

This, in turn, drives greater interest in “soft token” apps which generate a single login PIN as a means to replace the management problems and costs associated with hardware tokens, as more and more employees are now requiring the kinds of authentication and verification services that tokens provide.

With the rise of an application powered economy, what new risks does this pose to mobile devices?

Software supply chain attacks are becoming more common and can even affect apps provided by legitimate developers.

This is particularly true for software developers that are not especially careful about third-party code and the security of the computers and devices they use for their own app development work.

These vulnerabilities can then be used to attack or compromise any end-user device running the affected apps.

User education also remains critical. A report by Arxan found that many users were downloading apps from unofficial stores, making them vulnerable to attacks and therefore compromising any access to company data on the infected device.

App-based environments provide an easy target to side-step traditional network security, meaning the perimeter of protection has expanded.

IT security spend should increase accordingly on endpoint security and device management programs to cater for the rise of the application economy and the increased risks a mobile workforce brings.

How Red Hat aims to accelerate business value with container technologies
Red Hat announced that leading global companies are creating, extending and deploying integration services across hybrid and multicloud environments using agile integration architectures based on Red Hat technologies.
IT employers having to up salaries and bonuses to attract talent
As the modern economy relies increasingly on data, it’s certainly a good time to be working in IT.
Red Hat expands integration product capabilities
Adds end-to-end API lifecycle support and new capabilities for agile integration across hybrid architectures.
Electric car infrastructure needs to be a high priority
“Australians should be able to drive all over this massive nation with complete confidence in a zero-emission vehicle.”
Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
BMC adds IBM Cloud, Watson to Helix solution
BMC Helix with IBM Watson delivers cognitive insights across structured and unstructured federated knowledgebases.
Hyundai works with IBM to create a new blockchain-based platform
The network for commercial financing will supposedly provide participants with a single view of all the transactions happening in the network.
Why businesses should invest in energy automation
In industrial applications digital transformation allows businesses to do more with less.