Story image

Exclusive interview: ESET on protecting the mobile workforce

01 Dec 17

The Australian and New Zealand cyber security market can expect to see more instances of ransomware, DDoS attacks and attacks against Internet of Things (IoT) devices, says Nick FitzGerald.

FitzGerald is a senior research fellow at ESET, a global IT security company. In Australia, ESET's office is located in Sydney, whereas, in New Zealand, the company is represented by its Auckland-based distributor Chillisoft.  

Now, more than ever before, FitzGerald continues, enterprises will need to increasingly rely on the guidance of security experts - especially with workplace initiatives like BYOD (Bring Your Own Device) and flexible working conditions, such as working from home/public places, creating greater cyber risks. 

"IT security spend on endpoint security programs, 2FA and encryption will likely increase to ensure digital data remains secure."

In this exclusive interview, FitzGerald continues to discuss the state of the Australian and New Zealand cyber security market and what enterprises must do to protect their assets as workplace mobility becomes increasingly mainstream. 

How responsive are Australian and New Zealand businesses to the IT market’s evolving cyber security requirements? How does being mobile change these requirements from traditional, office-based enterprises?

ANZ businesses are at different stages of addressing the security requirements and challenges.

Some businesses adapt quickly, while others are slower to respond as resources vary between organisations and many are already overloaded with digital transformation projects.

Business scalability is often the priority, leading some businesses to address security as an afterthought, rather than considering it during the planning phase. Moving to mobile adds another layer of complexity, as employers and security experts will have to consider cybersecurity beyond the traditional office perimeter.

Now, more than ever before, enterprises need to look further ahead and plan their technology designs based on future business goals, while incorporating current business objectives, and addressing cyber threats as they evolve.

With the workplace mobility on the rise, what cyber security practices should be in place to ensure enterprises and their mobile workforce are protected?

Mobile users have placed particular strain on traditional access management strategies.

Solving those issues has really driven the demand for two- (or multi-) factor authentication systems, and more sophisticated federated identity management and single sign-on authentication services.

Other issues with an increasingly mobile workforce include ensuring that sensitive data is properly handled by being encrypted in-flight and at rest, and managing which apps and services an enterprise’s mobile workforce has access to.

End-user education is possibly even more important for mobile workers, who may have quite different background experiences and attitudes to the use of their personal devices, compared to what may be acceptable with an enterprise-supplied, or corporate-connected BYOD device.

Therefore, driving awareness amongst employees around safe mobile practices is key to protecting a mobile workforce.

How do these increasingly mobile workforces impact and complicate the cyber security practices needed?

Perhaps the largest impact of our increasingly mobile workforce is the loss of the classic “security perimeter”, which was defined in terms of physical locations, firewalls, routers and other pieces of on-site network kit.

Heavily mobile workforces increasingly result in the so-called “borderless enterprise” where security depends more and more on identity and access management and less on concepts such as a network boundary.

Single-sign-on and federated identity management services are increasingly important to ensure only the right people have access to certain data and applications.

This, in turn, drives greater interest in “soft token” apps which generate a single login PIN as a means to replace the management problems and costs associated with hardware tokens, as more and more employees are now requiring the kinds of authentication and verification services that tokens provide.

With the rise of an application powered economy, what new risks does this pose to mobile devices?

Software supply chain attacks are becoming more common and can even affect apps provided by legitimate developers.

This is particularly true for software developers that are not especially careful about third-party code and the security of the computers and devices they use for their own app development work.

These vulnerabilities can then be used to attack or compromise any end-user device running the affected apps.

User education also remains critical. A report by Arxan found that many users were downloading apps from unofficial stores, making them vulnerable to attacks and therefore compromising any access to company data on the infected device.

App-based environments provide an easy target to side-step traditional network security, meaning the perimeter of protection has expanded.

IT security spend should increase accordingly on endpoint security and device management programs to cater for the rise of the application economy and the increased risks a mobile workforce brings.

AWS tops all four global markets, APAC a unique case
The order of proceedings remains relatively the same in three of the four major regions for public cloud services providers, but the APAC market is bolstered by the prominence of China.
How artificial intelligence is transforming finance teams
"Organisations using cognitive ergonomics and system design in new AI projects will achieve long-term success four times more often than others.” 
Pure Storage launches new cloud data services
“Customers should be able to make infrastructure choices based on what’s best for their environment, not constrained by what the technology can do."
Is self-service BI living up to the hype?
the explosion of data available to a business and self-service BI tools is transforming how everyone works - but is self-service living up to expectations?
What the people say - Gartner’s November Customers’ Choices
A roundup of the latest Gartner Peer Insight Customers’ Choices from Backup and Recovery to Business Intelligence and Analytics, and more.
How organisations can use AI to generate business insights
DataRobot’s automated machine learning enhanced Precision Marketing’s predictive modelling capabilities.
WA council first to adopt new Datacom tech for local government
The early adopter Shire of Majinup’s initial priority is to use Datascape to help it engage more closely with its community.
Retail-tech firm Insite AI signs deal with Chemist Warehouse
The firm is also raising $2 million in pre-seed funding.