Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Employees Slacking on Security of Their Mobile Devices
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
4/29/2014 | 8:49:41 AM
Re: More than just device security
Speaking from an employee/user perspective, I think you needa combination of awareness and easy to use tools. I am well aware of the dangers stemming from mobility but if the tools my company gives me to securely manage my mobile devices are too cumbersome, the daily demands of my job will take precidence...
Robert McDougal
Robert McDougal,
User Rank: Ninja
4/25/2014 | 2:41:45 PM
Re: More than just device security
Unfortunately, no amount of education will make people voluntarily care about security.  In order to secure personal devices you have one of two options, either force the security using a program such as MaaS 360, Good Mobile, etc. or make the person share in the liability.  
Kelly Jackson Higgins
Kelly Jackson Higgins,
User Rank: Strategist
4/25/2014 | 2:32:51 PM
user apathy or lousy MDM?
With 45% of employees accessing sensitive corporate data on their personal devices via unsecured wifi, either they have no clue, don't care, or their corporate policy and management of mobile is weak. That's a lot of airport WiFi exposure...
GonzSTL
GonzSTL,
User Rank: Ninja
4/25/2014 | 2:08:18 PM
BYOD
BYOD - every security manager's nightmare. If any work related thing would keep me up at night, that is it. Both a curse and a boon to organizations, its wide ranging impacts are a formidable challenge.
kobrien82
kobrien82,
User Rank: Apprentice
4/25/2014 | 12:57:53 PM
More than just device security
One of the most telling points from this is about the proliferation of apps on devices that serve dual-duty as personal and professional account access points. We often see that employees bring a device with them into work; in organizations using public cloud services, the apps they then install on that device are frequently given tremendous amounts of access to highly sensitive organizational data via the user's work accounts. 

BYOD and what it represents (access, employee autonomy, mobility, etc.) are indicative of new threats and risks in the security world, and there's often a pretty significant delay between the emergence of risk and a decent response. Andrew Rose from Forrester wrote about this just yesterday - more than 60% of most employees they surveyed have no sense of personal responsibility for the enforcement of security policy at all, let alone on devices that they perceive of as their own. 

What's needed is a better mechanism for visiblity into these risk points, and an undertanding of how to distinguish productive and risky behavior within them. Until that happens, there's no chance of bringing the security/user gap.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Practical Network Security Approaches for a Multicloud, Hybrid IT World
The report covers areas enterprises should focus on for their multicloud/hybrid cloud security strategy: -increase visibility over the environment -learning cloud-specific skills -relying on established security frameworks -re-architecting the network
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-30333
PUBLISHED: 2022-05-09
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
CVE-2022-23066
PUBLISHED: 2022-05-09
In Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Calculation which is caused by improper implementation of sdiv instruction. This can lead to the wrong execution path, resulting in huge loss in specific cases. For example, the result of a sdiv instruction may decide whether to tra...
CVE-2022-28463
PUBLISHED: 2022-05-08
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
CVE-2022-28470
PUBLISHED: 2022-05-08
marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor.
CVE-2022-1620
PUBLISHED: 2022-05-08
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.