How the BYOD trend is perpetuating Advanced Persistent Threats
Much has been made this past year of Advanced Persistent Threats (APTs) and, in many cases, of the malware used for the initial compromise to get the first foot in the door.
Legitimate user accounts are then compromised and used to exfiltrate data. Mobile device proliferation is providing more targets to attack and creating additional challenges for today's corporations.
In many instances, once one mobile device is configured with email credentials, any number of mobile devices can use those same credentials to download email. Current pressures to allow more personal smartphones and tablets on the corporate network are increasing the risk of compromise.
Many companies are not prepared to deal with this situation and often turn to draconian measures such as “factory reset” enabled via Microsoft Exchange ActiveSync to respond to incidents. This is “OK” for the company, but the employee and the employee's personal data, music, and pictures are all at risk.
More granular control is required and companies need to look for the following features in the mobile device management logic they deploy:
- Ability to apply control logic at the device layer and not just the mailbox layer. This provides control over the number and types of devices allowed to connect.
- Granular wipe versus factory reset
- Ability to remotely lock and reset passwords on devices
- Ability to locate devices via GPS sensor
- Device type and count reporting capabilities
- Ability to deploy VPN policy
- Logging of administrative actions and audit capabilities
- Ability to label devices with additional attributes
- Ability to identify jailbroken (rooted) devices
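To make the difference between mailbox-layer and device-layer control concrete, the sketch below evaluates every device attached to a mailbox individually against a count limit, a type allow-list and a jailbreak flag. It is an added example, not taken from any MDM product; the policy values, field names and inventory records are all constructed assumptions.

```python
from collections import Counter, defaultdict

# Hypothetical policy values; the article does not prescribe any.
MAX_DEVICES_PER_MAILBOX = 2
ALLOWED_TYPES = {"iPhone", "iPad", "Android"}

# Constructed sample inventory: one record per device partnership.
DEVICES = [
    {"mailbox": "alice", "device_id": "A1", "type": "iPhone", "first_sync": "2012-01-05", "jailbroken": False},
    {"mailbox": "alice", "device_id": "A2", "type": "iPad", "first_sync": "2012-02-01", "jailbroken": False},
    {"mailbox": "alice", "device_id": "A3", "type": "Android", "first_sync": "2012-03-10", "jailbroken": False},
    {"mailbox": "bob", "device_id": "B1", "type": "Android", "first_sync": "2012-01-20", "jailbroken": True},
    {"mailbox": "bob", "device_id": "B2", "type": "UnknownTablet", "first_sync": "2012-02-15", "jailbroken": False},
    {"mailbox": "bob", "device_id": "B3", "type": "iPhone", "first_sync": "2012-04-02", "jailbroken": False},
]

def evaluate(devices, max_per_mailbox=MAX_DEVICES_PER_MAILBOX, allowed_types=ALLOWED_TYPES):
    """Return {device_id: (decision, reason)}, decided per device, not per mailbox."""
    by_mailbox = defaultdict(list)
    for dev in devices:
        by_mailbox[dev["mailbox"]].append(dev)

    decisions = {}
    for owned in by_mailbox.values():
        admitted = 0
        # Oldest partnerships keep their slots; a newly added device that
        # reuses the same credentials is the one that gets held back.
        for dev in sorted(owned, key=lambda d: d["first_sync"]):
            if dev["jailbroken"]:
                decisions[dev["device_id"]] = ("block", "jailbroken or rooted")
            elif dev["type"] not in allowed_types:
                decisions[dev["device_id"]] = ("block", "device type not allowed")
            elif admitted >= max_per_mailbox:
                decisions[dev["device_id"]] = ("quarantine", "device count exceeded")
            else:
                admitted += 1
                decisions[dev["device_id"]] = ("allow", "within policy")
    return decisions

def type_counts(devices):
    """Device type and count report, keyed by (mailbox, device type)."""
    return Counter((d["mailbox"], d["type"]) for d in devices)

if __name__ == "__main__":
    for device_id, (decision, reason) in sorted(evaluate(DEVICES).items()):
        print(device_id, decision, reason)
```

Blocked devices do not consume a slot, so a mailbox with one rooted phone can still enroll compliant devices up to the limit.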
With all of this “control” over an employee's property, close legal attention is likely required as well. An employer's ability to track its employees' physical whereabouts 24x7 is something that both corporations and employees need to consider more deeply.