Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10/4/2012
02:18 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

CSA Releases Top Mobile Threats Report -- Data Loss Ranks Top Concern With Execs

In addition to identifying top threats, respondents also indicated a couple of additional concerns

San Francisco, CA – October 4, 2012 – The Cloud Security Alliance (CSA) Mobile Working Group today released findings from a new survey that calls out the specific security concerns enterprise executives say are the real and looming threats as it relates to mobile device security in the enterprise environment. The new report, titled Top Mobile Threats, is a result of a survey of more than 200 enterprise participants representing 26 countries globally. The survey serves as an important first step in a larger effort to provide industry guidance on where enterprises should place their resources and focus when it comes to addressing mobile security threats.

With the rapid adoption of mobile computing, and immediate connection to cloud computing, the CSA established the Top Threats to Mobile Computing research discipline, in addition to the current Top Threats to Cloud Computing, to provide its membership with specific data on how the security community views such threats.

"Personally owned mobile devices are increasingly being used to access employers' systems and cloud-hosted data, both via browser-based and native mobile applications. This without a doubt is a tremendous concern for enterprises worldwide, " said John Yeoh, Research Analyst for the Cloud Security Alliance. "The results of this research will play an important role as we set out to develop much needed guidance on where time, talent and money should be placed when it comes to addressing mobile security threats."

Rank of Top Mobile Threats

1. Data loss from lost, stolen or decommissioned devices

2. Information-stealing mobile malware

3. Data loss and data leakage through poorly written third-party applications

4. Vulnerabilities within devices, OS, design and third-party applications. Insecure Wifi network or rogue access points

5. Insecure WiFi, network access and rogue access points.

6. Insecure or rogue marketplaces

7. Insufficient management tools, capabilities and access to APIs (includes personas).

8. NFC and proximity-based hacking.

"The results of the CSA Mobile Working Group survey are testament to the security threats that mobile devices introduce to the corporate network," said Patrick Harding, CTO, Ping Identity. "With more and more enterprises adopting a BYOD model, it is critical that mobile devices adhere to the same corporate security policies as other devices and that proper identity and access management processes are put in place to ensure the security and integrity of the organization."

The results in the Top Threats to Mobile Computing report, which focused on those threats posed by smartphones and tablets, are intended to aid information security professionals and educate the industry about security concerns. In addition to identifying top threats, respondents also indicated a couple of additional concerns with 64% of respondents believing that NFC and proximity-based hacking will happen in 2013. Also 81% of respondents believe that insecure WiFi and rogue access points are already happening today. This is of particular concern as the proliferation of mobile devices consequently increases the use of and reliance on WiFi networks.

"The CSA Mobile Working Group findings highlight the threats that experts in the field find to be the most critical. There are few stronger indications of where we should be focused that that," said Dan Hubbard, CTO of OpenDNS. "As we move further into an era where mobile computing is ubiquitous, we're seeing an entirely new threat landscape that involves newer concerns like lost devices and rogue marketplaces, but also a heightened level of concern over insecure public WiFi as we rely more and more on access as we travel."

The CSA Mobile working group is responsible for providing fundamental research to help secure mobile endpoint computing from a cloud-centric vantage point. The CSA invites interested companies and individuals to support the group's research and initiatives. Companies and individuals interested in learning more or joining the group can visit https://cloudsecurityalliance.org/research/mobile/

About Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24259
PUBLISHED: 2021-05-05
The “Elementor Addon Elements� WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24260
PUBLISHED: 2021-05-05
The “Livemesh Addons for Elementor� WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24261
PUBLISHED: 2021-05-05
The “HT Mega – Absolute Addons for Elementor Page Builder� WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by ...
CVE-2021-24262
PUBLISHED: 2021-05-05
The “WooLentor – WooCommerce Elementor Addons + Builder� WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-priv...
CVE-2021-24263
PUBLISHED: 2021-05-05
The “Elementor Addons – PowerPack Addons for Elementor� WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scriptin...