Another Mobile World Congress (MWC) show has come and gone, and we have to say that this year’s was the best yet! Of course, MWC never disappoints, with new releases and upgrades from the world’s largest mobile and tech companies. This year, however, some of the biggest news was around two comeback brands, Nokia and BlackBerry. Along with these announcements, there were educational sessions about some of the biggest topics in mobile. Here’s an overview of two stand-out subjects that intrigued us at the show.
Social Engineering: Hacking the User
Most of us have heard that humans are the weakest link when it comes to cyber security. No matter how many security tools, processes or tips we’re presented with, we still find a way to put our data in harm’s way. The everyday consumer is beginning to realize that everything can be hacked—from his phone to his automobile—even his home appliances.
But it’s not just traditional cyber-attacks that consumers should be worried about. Social engineering is also a threat. Wikipedia defines social engineering, in the context of information security, as the “psychological manipulation of people into performing actions or divulging confidential information.”
Social engineering makes us vulnerable to malicious threats in real life. An example from The New York Times tells the story of dating websites that target older women. These women are often retired and living alone, and online fraudsters take advantage of their loneliness to build phone and email relationships until they feel comfortable asking for money. According to the federal Internet Crime Complaint Center, in 2014, nearly 6,000 people registered complaints of such confidence fraud with losses of $82.3 million.
Security measures on many sites and apps (such as the dating app discussed above) are sometimes sacrificed to make products easier to use. And, for users, there’s a disconnect between the information they would freely give on a mobile phone or app or online and the information they would give over the phone or in person.
The answer to combating such problems is consumer education—or re-education, as it were. Technology companies need to let consumers know that they should approach giving their information away in the digital world in the same way that they would approach doing so in the physical world.
As Dror Liwer, CSO & Co-Founder of Coronet, put it, the future of security and anti-social engineering is giving users the tools to make decisions so they can take ownership—as opposed to expecting them to take ownership without any guidance.
Threat Prevention with the Internet of Things (IoT)
The Internet of Things (IoT) is here, and it’s already reached wide-scale adoption. However, we haven’t fully addressed the risks that this phenomenon brings. As Scott Stevens, VP of Service Provider Business Worldwide for Palo Alto Networks, explains, when we think of security, we may think of the old philosophy of having a firewall, DPI or web gateway and doing it all independently. Those days are over. If we don’t have a consolidated security structure that has context and awareness of what we need to control, then we’re wasting our time.
Unfortunately, security vendors have historically built features and then wrapped them up to look like products. All of these products were independent of each other, so the burden of making them work together became a manual process for IT teams. What’s needed in an IoT world is automated feedback loops in the security framework – so we can understand how we’re securing the infrastructure. The question arises: If everything is connected, does that make it more difficult to keep our organizations safe?
The first set of IoT attacks originated in one network and attacked another. Now we’re seeing ‘things’ attacking the host network – the carrier they’re attached to. It’s a constantly evolving security threat that must be addressed. But how? Here are some tips Stevens provides to IT employees:
- Reconsider relying on encryption as your only safeguard. Encryption is often decrypted, so don’t assume it’s always safe.
- IoT attacks are newly built. Think about whether or not your legacy firewalls and other prevention methods are still effective.
- Don’t disregard malware as a threat in the Linux and IoT spaces. Actively monitor for this.
- Create a prevention-based process that holds all external vendors accountable, with continual auditing to ensure compliance with your internal policies.
- Create a next-gen security posture in mobile networks. Include app-level visibility, actionable threat intelligence and context, and rules about what ‘things’ talk to, and establish a mobile network protection framework.
- Add automatic enforcement updates with new protections for unknown threats as they’re discovered.
- Identify, isolate and quarantine infected devices as soon as they are detected.
- Map application rules to protect millions of things from unauthorized access or from malware/botnets.
- Ensure you securely erase data on all connected ‘things’ when they reach end-of-life or leave your ownership.
That’s a wrap-up of two of our favorite topics from MWC 2017. Thanks to all of you who stopped by our booth, talked to our representatives and saw our products in action.
If you didn’t get a chance to learn about Blancco Mobile Eraser and Mobile Diagnostics solutions at the show, you can do so online with our free demos.