NIST report encourages “wider view” of mobile security ecosystem
The National Institute of Standards and Technology (NIST) has released a new resource which aims to help organisations protect their systems from mobile threats.
The paper, which is currently at a draft stage and is requesting feedback, lists potential threats in a variety of areas, from authentication to supply chains, physical access to payments, as well as network protocols and infrastructure.
“Mobile devices pose a unique set of threats, yet typical enterprise protections fail to address the larger picture,” the report’s abstract explains. “In order to fully address the threats presented by mobile devices, a wider view of the mobile security ecosystem is necessary.”
Plenty of discussion around enterprise mobile security is at the device level, or further up, at the app level. Indeed, research released earlier this week from NetEnrich found that four in 10 companies surveyed had suffered a loss of key corporate data from a mobile device, which proves that work still need to be done on that side. But the key to the NIST publication is getting on top of the nooks and crannies which aren’t obvious at first sight.
“Often, IT shops or security managers will address or secure the apps on a phone and protect the operating system from potential threats,” said Joshua Franklin, NIST cybersecurity engineer. “But there is a much wider range of threats that need to be addressed. For example, enterprise security teams often don’t focus on the cellular radios in smartphones, which, if not secured, can allow someone to eavesdrop on your CEO’s calls.”
The report outlines Wi-Fi, Bluetooth, NFC, SIMs, as well as the wider mobile ecosystem – “mobile devices do not exist in a vacuum” – as the report notes. The full report, ‘Assessing Threats to Mobile Devices and Infrastructure’, can be found here. Feedback needs to be submitted by October 12.
Interested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam and explore the future of enterprise technology.
- » Three ways IT can mitigate DNS security threats: A guide
- » More than half of workers polled experience mobile issues at least once a month, survey argues
- » Unqork and Celigo secure combined $100m funding to bolster enterprise integration software
- » Organisations still trying to find sweet spot between innovation and security focus, argues CompTIA
- » Most outages can potentially be avoided, argues IT – yet the business side is pessimistic