With Remote Workers on the Rise, Mobile Devices Expand the Attack Surface, Exposing Critical Infrastructure and Assets

By

In 2020, society endured more social, economic, and structural pressures than ever before, and CIOs, CISOs and IT professionals were confronted with waves of challenges as they scrambled to follow work-from-home mandates and do all they could to keep their teams productive in the context of constant chaos.

Large organizations, whether government agencies or commercial enterprises, had to accelerate their digital transformations, including moving more applications to the cloud, and to identify and address new cybersecurity threats while managing distributed workforces – including the IT teams.

The growth of the mobile workforce and use of company-issued devices, or personal “BYOD” smartphones, tablets, and laptops, is not new. The mobile device management industry has continued to expand over the last two decades – but few could have imagined the urgency, scope, and scale of the conversion to a “mobile first” scenario until it happened in real time.

The accelerated pace of change required business leaders to rapidly adapt their workplace culture, to create more agile communications with customers, to increase employees’ access to tools, including access to web-based information and applications, all while ensuring that the skyrocketing dependency on mobile devices did not compromise enterprise security.

According to Gallup, the percentage of Americans working remotely more than doubled in March 2020, driven by work-from-home orders in response to the coronavirus pandemic. Most experts expect at least some of this shift to be permanent. Even those who have returned partially to the traditional workplace continue to rely on mobile devices, applications, and access to enterprise systems to get work done.

Bring-your-own-device (BYOD) is on the rise, delivering increased mobile flexibility and satisfaction for employees, while helping to reduce IT costs, enhance productivity, and improve security and control for enterprises. The market for BYOD solutions is expected to grow at a compound annual growth rate (CAGR) of 15% annually from 2020 to 2025, reaching over $430 billion in 2025 according to some industry analysts.

Mobility requires a new approach to security

The shift to a mobile-centric business environment heightens the need for enterprises to protect both company and user data from growing mobile security threats, and the adoption of mobile web, especially when 5G networks make mobile web exponentially faster than it is on earlier generation networks will only fuel the use of mobile browsers and browser-based services which are easier than traditional mobile apps, which require downloading. This includes popular cloud-based email services which, according to Trend Micro, were unable to stop over 12 million high-risk threats that bypassed built-in security of cloud-based services in 2019.

Modern security needs to cover the full range of endpoints—including BYOD devices. Enterprises need to protect their employees and their business from cyberattacks while giving employees control over their personal apps and data.

We asked Osman Erkan, founder and CEO of Isoolate, which offers advanced web and threat protection technologies, including browser isolation, how organizations can protect their assets in this new year, and he said, “More than ever, we must adopt a zero-trust approach to security, and automate the process of identifying and blocking suspicious access based on context. Employees who are under increasing pressure to get work done remotely benefit from automatic identification and blocking of suspicious access activity, and the blocking of complex threats before they result in breaches. We now have the ability to enable employees to use the web to search, research and get work done on the mobile web, while preventing data loss and other risky consequences.”

Erkan says the growth of global 5G infrastructure, enabling high-data transfer speed with low latency will make mobile interactions more attractive and will drive an exponential rise in data traffic. “When the experience of mobile web is at least as good, if not better, than the experience using fixed devices, we will see even more dynamic sessions, and adversaries will take advantage of this, as they have done with every evolution of networking and communications. Faster and more pervasive, powerful networks, on the other hand, will also make possible enhanced security, including blocking access to harmful domains and services from the start.”

Erkan categorized innovation in securing mobile devices, and supporting mobile worker productivity, into four areas: endpoint embedded threat protection (work from anywhere), SaaS application access protection (for example, Microsoft O365 and Teams), phishing protection (addressing the massive growth of sophisticated, nefarious campaigns), and access isolation (securing remote access without the need for a VPN or RDP).

“What has held IT teams back when it comes to fully protecting infrastructure and assets in an increasingly mobile work environment has been complexity and cost,” Erkan explained. “Innovation brings security directly into the browser, so SSL inspection is unnecessary.  There is no need for additional Secure Web Gateway (SWG) so security costs are reduced. Additional cost savings come from the reduction in security admin overhead as maintaining a PAC file and pushing to endpoints to route traffic to an SWG is no longer required.”

Simplicity for end-users as well as IT staff is key to success, Erkan said. “Now it takes only seconds to deploy mobile web and browser isolation capabilities, with an application downloaded from the app store”

Erkan said organizations can liberate users with a content-to-application approach. “Enabling productivity by enabling access to web-based resources while protecting users, networks, and data from risk is now not only possible but practical, and a priority as work-from-everywhere is the new normal.”


Arti Loftus is an experienced Information Technology specialist with a demonstrated history of working in the research, writing, and editing industry with many published articles under her belt.

Edited by Maurice Nagle

Special Correspondent

SHARE THIS ARTICLE
Related Articles

Supply Chain Crisis Intensifies as Nobelium Activity Returns

By: Luke Bellos    10/25/2021

Microsoft issues urgent public warning that Russian hacking group Nobelium is attempting to exploit the current supply chain crisis.

Read More

Important Business Tips: The Benefits of Cloud Storage

By: Contributing Writer    10/25/2021

Cloud storage refers to the hosting of applications and data on the cloud instead of the physical hardware of a computer. It is a great way to cut dow…

Read More

VR and Biometrics in Banks

By: Contributing Writer    10/19/2021

During the pandemic, many banks again took up immersive technologies - some train employees on 360° video, and some sell mortgage apartments through V…

Read More

Digital Identity: An Introduction to the New Normal

By: Contributing Writer    10/19/2021

The evolution and our understanding of digital identity has led to an increased implementation of this structure. Here is a breakdown of digital ident…

Read More

5 Practical Data Loss Prevention Tips for Small Businesses

By: Contributing Writer    10/15/2021

Data is an invaluable asset for any organization. If you mismanage or lose data, you could experience hefty financial losses, lawsuits, ruined cust…

Read More