IT’S NOT ABOUT YOUMobile security in 2016
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.
Connect with us
Follow us on Twitter @NowSecureMobile
—
Subscribe to #MobSec5 our weekly mobile security news digest
http://mobsec5.nowsecure.com/
—
Visit our website https://www.nowsecure.com
Sam BakkenContent Marketing Manager@skbakken
● 7+ years marketing cybersecurity
solutions
● Managing Editor, 2014 & 2015 Trustwave
Global Security Report
Email: [email protected]
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.
Contents
● It ain’t about you
● Pressing issues
● Leaky / risky apps
● Mobile fragmentation
● What do you need to do?
● Questions
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.
Typical security defenses fail in mobile settings because they protect boundaries rather than the information itself, and mobile users do not respect traditional boundaries.
Gartner: https://www.gartner.com/doc/3158326
You’ve lost control of the perimeter.
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.
Pressing issues
● Dual-use devices (bring-your-own-device)
● Lack of administrative access and visibility
● Malware vs. legitimate leaky/risky apps
● Complex ecosystem of vendors
○ Fragmentation
○ Updates are slow, if they come at all
In mobile security
Malware
Legitimate apps that leak
sensitive data
Cybersecurity and Cyberwar: What Everyone Needs to Know
[The] market is fragmented, with multiple makers… each with a role in security but often lacking any sense of responsibility for it.
“
”
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.
Announcements from Google last week
65 billion 600Apps downloaded from the Google Play store in
the past year
Android smartphone models launched in the
past year
© Copyright 2015 NowSecure, Inc. All Rights Reserved. Proprietary information.
The more popular an app (determined by downloads), the more likely it is to include a security flaw
1M-5MDownloads
5M-10MDownloads
37%
46%
50%
100K-500KDownloads
View the full report
We kill people based on metadata.
General Michael Hayden, former director of the NSA and CIA
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.
The value of even seemingly trivial data
PNAS Evaluating the privacy properties of telephone metadata
“We kill people based on metadata”
General Michael Hayden, former director of the NSA and CIA
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.
Android fragmentation as of August 2015
Android Fragmentation Visualized (August 2015)
24,093DISTINCT DEVICES
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.
Distribution of Android versions from NowSecure dataset
Android Years old Users
4.2.2 2.95 3%
4.3 2.50 6%
4.4.2 2.12 42%
4.4.4 1.59 4%
5.0 1.19 7%
5.0.1 1.14 7%
5.0.2 1.09 6%
5.1 0.87 3%
5.1.1 0.76 19%
6.0.1 0.12 3%
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.
Prevalence of iOS versions from NowSecure Dataset
iOS Years old Percentage
7.1.2 1.56 3%
8.3 0.79 6%
8.4 0.56 4%
8.4.1 0.44 4%
9.1 0.25 6%
9.2 0.12 71%
9.2.1 0.01 6%
So what can you do about it?
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.
Where does mobile risk originate?
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.
A simple formula for mobile security
Vet apps to ensure they don’t exceed your risk threshold
+Make sure apps are installed on
healthy endpoints
Secure apps on healthy endpoints
Learn more about mobile endpoint security
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.
Data you need to reduce uncertainty and increase visibilityWhat do you know, and what do you not know
1
2
3
4
5
6
What devices do employees use?
What OSs run on those devices?
What vulnerabilities exist within those OSs?
What apps do employees install on their devices?
How risky or leaky are those apps?
What destinations does your data travel to and is it encrypted?
Let’s talk
[email protected]+1 312.878.1100
@skbakken
Keep tabs on the state of mobile security. Subscribe to #MobSec5 - a collection of the week’s mobile news that matters.
Subscribe to #MobSec5 now