With Remote Workers on the Rise, Mobile Devices Expand the Attack Surface, Exposing Critical Infrastructure and Assets

By

In 2020, society endured more social, economic, and structural pressures than ever before, and CIOs, CISOs and IT professionals were confronted with waves of challenges as they scrambled to follow work-from-home mandates and do all they could to keep their teams productive in the context of constant chaos.

Large organizations, whether government agencies or commercial enterprises, had to accelerate their digital transformations, including moving more applications to the cloud, and to identify and address new cybersecurity threats while managing distributed workforces – including the IT teams.

The growth of the mobile workforce and use of company-issued devices, or personal “BYOD” smartphones, tablets, and laptops, is not new. The mobile device management industry has continued to expand over the last two decades – but few could have imagined the urgency, scope, and scale of the conversion to a “mobile first” scenario until it happened in real time.

The accelerated pace of change required business leaders to rapidly adapt their workplace culture, to create more agile communications with customers, to increase employees’ access to tools, including access to web-based information and applications, all while ensuring that the skyrocketing dependency on mobile devices did not compromise enterprise security.

According to Gallup, the percentage of Americans working remotely more than doubled in March 2020, driven by work-from-home orders in response to the coronavirus pandemic. Most experts expect at least some of this shift to be permanent. Even those who have returned partially to the traditional workplace continue to rely on mobile devices, applications, and access to enterprise systems to get work done.

Bring-your-own-device (BYOD) is on the rise, delivering increased mobile flexibility and satisfaction for employees, while helping to reduce IT costs, enhance productivity, and improve security and control for enterprises. The market for BYOD solutions is expected to grow at a compound annual growth rate (CAGR) of 15% annually from 2020 to 2025, reaching over $430 billion in 2025 according to some industry analysts.

Mobility requires a new approach to security

The shift to a mobile-centric business environment heightens the need for enterprises to protect both company and user data from growing mobile security threats, and the adoption of mobile web, especially when 5G networks make mobile web exponentially faster than it is on earlier generation networks will only fuel the use of mobile browsers and browser-based services which are easier than traditional mobile apps, which require downloading. This includes popular cloud-based email services which, according to Trend Micro, were unable to stop over 12 million high-risk threats that bypassed built-in security of cloud-based services in 2019.

Modern security needs to cover the full range of endpoints—including BYOD devices. Enterprises need to protect their employees and their business from cyberattacks while giving employees control over their personal apps and data.

We asked Osman Erkan, founder and CEO of Isoolate, which offers advanced web and threat protection technologies, including browser isolation, how organizations can protect their assets in this new year, and he said, “More than ever, we must adopt a zero-trust approach to security, and automate the process of identifying and blocking suspicious access based on context. Employees who are under increasing pressure to get work done remotely benefit from automatic identification and blocking of suspicious access activity, and the blocking of complex threats before they result in breaches. We now have the ability to enable employees to use the web to search, research and get work done on the mobile web, while preventing data loss and other risky consequences.”

Erkan says the growth of global 5G infrastructure, enabling high-data transfer speed with low latency will make mobile interactions more attractive and will drive an exponential rise in data traffic. “When the experience of mobile web is at least as good, if not better, than the experience using fixed devices, we will see even more dynamic sessions, and adversaries will take advantage of this, as they have done with every evolution of networking and communications. Faster and more pervasive, powerful networks, on the other hand, will also make possible enhanced security, including blocking access to harmful domains and services from the start.”

Erkan categorized innovation in securing mobile devices, and supporting mobile worker productivity, into four areas: endpoint embedded threat protection (work from anywhere), SaaS application access protection (for example, Microsoft O365 and Teams), phishing protection (addressing the massive growth of sophisticated, nefarious campaigns), and access isolation (securing remote access without the need for a VPN or RDP).

“What has held IT teams back when it comes to fully protecting infrastructure and assets in an increasingly mobile work environment has been complexity and cost,” Erkan explained. “Innovation brings security directly into the browser, so SSL inspection is unnecessary.  There is no need for additional Secure Web Gateway (SWG) so security costs are reduced. Additional cost savings come from the reduction in security admin overhead as maintaining a PAC file and pushing to endpoints to route traffic to an SWG is no longer required.”

Simplicity for end-users as well as IT staff is key to success, Erkan said. “Now it takes only seconds to deploy mobile web and browser isolation capabilities, with an application downloaded from the app store”

Erkan said organizations can liberate users with a content-to-application approach. “Enabling productivity by enabling access to web-based resources while protecting users, networks, and data from risk is now not only possible but practical, and a priority as work-from-everywhere is the new normal.”


Arti Loftus is an experienced Information Technology specialist with a demonstrated history of working in the research, writing, and editing industry with many published articles under her belt.

Edited by Maurice Nagle
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

Special Correspondent

SHARE THIS ARTICLE
Related Articles

Can Science Outsmart Deepfake Deceivers? Klick Labs Proposes an Emerging Solution

By: Alex Passett    3/25/2024

Researchers at Klick Labs were able to identify audio deepfakes from authentic audio recordings via new vocal biomarker technology (alongside AI model…

Read More

Top 5 Best Ways to Integrate Technology for Successful Project-Based Learning

By: Contributing Writer    3/19/2024

Project-based learning, also popularly known as the PBL curriculum, emphasizes using and integrating technology with classroom teaching. This approach…

Read More

How to Protect Your Website From LDAP Injection Attacks

By: Contributing Writer    3/12/2024

Prevent LDAP injection attacks with regular testing, limiting access privileges, sanitizing user input, and applying the proper encoding functions.

Read More

Azure Cost Optimization: 5 Things You Can Do to Save on Azure

By: Contributing Writer    3/7/2024

Azure cost optimization is the process of managing and reducing the overall cost of using Azure. It involves understanding the resources you're using,…

Read More

Massive Meta Apps and Services Outage Impacts Users Worldwide

By: Alex Passett    3/5/2024

Meta's suite of apps and services are experiencing major global outages on Super Tuesday 2024.

Read More