The rise of mobile and cloud activity is dumping more on IT’s security plate.
With major computer security breaches seemingly topping headlines every week, it’s clear that organisations need to recognise that it is not a matter of if when it comes to security breaches. It is a matter of when.
As if IT and users didn’t already have enough security threats to worry about — viruses and malware via email and the web, DDoS (Distributed Denial of Service) attacks, “phishing” emails and major code flaws in popular programs — new ways of working also mean new, additional threats to contend with.
Here’s a quick look at three of these new and emerging tech security threats, and ways that IT can work to prevent or respond to incidents.
The growing capabilities of our mobile devices (and increased access to Wi-Fi through public wireless Internet service) are a key component of information mobility. Being computer-productive while away from the desktop PC and the office LAN is great for business. But this growing reliance on mobile devices also means more potential vulnerabilities beyond IT’s direct control:
- Bring your own device (BYOD), or user-owned devices, can be harder for IT to protect against threats like physical theft and malware and virus infection via email, web and other applications.
- Public Wi-Fi offers breach “opportunities,” ranging from rogue (imposter) hotspots that can intercept user connections, to “packet sniffing” — eavesdropping on unprotected or insufficient protected user traffic.
What can your IT department do?
- Use mobile device management (MDM) for company-owned mobile devices as well as employee-owned BYODs.
- Use tools and services to ensure employees are only connecting to authorised, non-“rogue” hotspots, going to the correct destinations (as opposed to sites pretending to be them), and using VPNs and/or other encryption for all connections and traffic.
- Help ensure all mobile devices are running security software, and using strong security settings and precautions.
Infected USB flash drives
Free USB flash drives are one of the more useful event giveaways these days. Some may be a paltry 1GB, but it’s not hard to find them in up to the 16GB range — big enough to use as portable boot drives or other enterprise file stashes.
These can be dangerous and filled with malware and subvert that can your security.
According to InfoWorld’s Roger Grimes1, the “BadUSB” worm firmware exploit is a prime example of this. “The malicious code is planted in the USB’s firmware, which is executed when the device is plugged into a host,” writes Grimes. “The host can’t detect the firmware code, but the firmware’s code can interact with and modify software on the host computer.”
So what can users do to allow them to safely read and repurpose flash drives?
Pragmatically, “when in doubt, don’t read from or re-use them,” says Henderson. “There are some USB drive attacks that can subvert even the strongest antivirus applications.” Instead, go directly to the source: the organisation’s website. There, you should be able to download the information that you are looking for. Or, simply contact them directly for the file(s).
Insecurity in the cloud