Post-Christmas influx of new mobile devices poses enterprise security threat, warns EY
Businesses must ensure BYOD is properly managed, argues Massimo Cotrozzi, director of cyber crime investigations at EY
Businesses must ensure that the many new smartphones and tablets that employees bring to work following the Christmas break are properly secured; otherwise, they could be offering computer hackers and cyber criminals an easy way to steal sensitive data.
That's the warning from advisory services firm EY, which fears that many enterprises are still unprepared for a cyber attack.
EY warns that the swathes of new devices that have been connected to enterprise networks since the New Year will introduce further vulnerabilities into computer systems.
"The new smart mobile/tablet and wearable tech that employees bring into the office could be now connecting via the corporate wireless networks to external cloud systems which, in the best case, have not been appropriately protected, let alone tested," said Massimo Cotrozzi, director of cyber crime investigations at EY.
"Organisations that are unprepared could be caught napping while hackers are getting in, using employee devices, via the back door," he added.
Cotrozzi said that the various well-publicised security breaches of 2014 - such as the iCloud celebrity nude photo hack, or the cyber attacks against Sony - show how cyber criminals will use any means possible to obtain information, and are often a step ahead of the enterprise.
"The scale of high-profile cyber attacks in 2014 has demonstrated that hackers are willing to use innovative means to achieve their goals and this is likely to include targeting employee devices and infecting them with malware," he said, before going on to suggest some methods that businesses can employ to boost cyber security.
"By taking a proactive approach, in terms of financial investment as well as monitoring threats and detecting breaches before they can impact the business, businesses can better understand where the risk for their particular organisation lies, and who's likely to be targeting them, whether it's hacktivists, organised crime or other entities," he said.
Cotrozzi also advised organisations to have a plan in place to cope with the aftermath of a successful breach.
"Businesses also need to be prepared for when the worst occurs and have a clear strategy to respond to and clean up after an attack," he said.
"Employees must understand how to preserve evidence left by the perpetrators and must also establish contingencies to deliver an instant response to reassure customers and prevent reputational damage," Cotrozzi concluded.
According to Gartner analysts, more than three-quarters of mobile applications for smartphones and tablets will fail basic security tests in 2015.