21
IT’S NOT ABOUT YOU Mobile security in 2016

It's not about you: Mobile security in 2016

Embed Size (px)

Citation preview

Page 1: It's not about you: Mobile security in 2016

IT’S NOT ABOUT YOUMobile security in 2016

Page 2: It's not about you: Mobile security in 2016

© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.

Connect with us

Follow us on Twitter @NowSecureMobile

Subscribe to #MobSec5 our weekly mobile security news digest

http://mobsec5.nowsecure.com/

Visit our website https://www.nowsecure.com

http://twitter.com/nowsecuremobile
http://mobsec5.nowsecure.com/
http://mobsec5.nowsecure.com/
https://www.nowsecure.com
Page 3: It's not about you: Mobile security in 2016

Sam BakkenContent Marketing Manager@skbakken

● 7+ years marketing cybersecurity

solutions

● Managing Editor, 2014 & 2015 Trustwave

Global Security Report

Email: [email protected]

© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.

https://twitter.com/skbakken
https://twitter.com/skbakken
Page 4: It's not about you: Mobile security in 2016

© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.

Contents

● It ain’t about you

● Pressing issues

● Leaky / risky apps

● Mobile fragmentation

● What do you need to do?

● Questions

Page 5: It's not about you: Mobile security in 2016

© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.

Page 6: It's not about you: Mobile security in 2016

Typical security defenses fail in mobile settings because they protect boundaries rather than the information itself, and mobile users do not respect traditional boundaries.

Gartner: https://www.gartner.com/doc/3158326

https://www.gartner.com/doc/3158326
Page 7: It's not about you: Mobile security in 2016

You’ve lost control of the perimeter.

Page 8: It's not about you: Mobile security in 2016

© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.

Pressing issues

● Dual-use devices (bring-your-own-device)

● Lack of administrative access and visibility

● Malware vs. legitimate leaky/risky apps

● Complex ecosystem of vendors

○ Fragmentation

○ Updates are slow, if they come at all

In mobile security

Malware

Legitimate apps that leak

sensitive data

Page 9: It's not about you: Mobile security in 2016

Cybersecurity and Cyberwar: What Everyone Needs to Know

[The] market is fragmented, with multiple makers… each with a role in security but often lacking any sense of responsibility for it.

http://www.amazon.com/Cybersecurity-Cyberwar-Everyone-Needs-Know%C2%AE/dp/0199918112/
http://www.amazon.com/Cybersecurity-Cyberwar-Everyone-Needs-Know%C2%AE/dp/0199918112/
Page 10: It's not about you: Mobile security in 2016

© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.

Announcements from Google last week

65 billion 600Apps downloaded from the Google Play store in

the past year

Android smartphone models launched in the

past year

Page 11: It's not about you: Mobile security in 2016

© Copyright 2015 NowSecure, Inc. All Rights Reserved. Proprietary information.

The more popular an app (determined by downloads), the more likely it is to include a security flaw

1M-5MDownloads

5M-10MDownloads

37%

46%

50%

100K-500KDownloads

View the full report

https://www.nowsecure.com/resources/secure-mobile-development/
https://www.nowsecure.com/resources/mobile-security-report/en/index.html
https://www.nowsecure.com/resources/mobile-security-report/en/index.html
Page 12: It's not about you: Mobile security in 2016

We kill people based on metadata.

General Michael Hayden, former director of the NSA and CIA

http://www.nybooks.com/daily/2014/05/10/we-kill-people-based-metadata/
http://www.nybooks.com/daily/2014/05/10/we-kill-people-based-metadata/
Page 13: It's not about you: Mobile security in 2016

© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.

The value of even seemingly trivial data

PNAS Evaluating the privacy properties of telephone metadata

“We kill people based on metadata”

General Michael Hayden, former director of the NSA and CIA

http://www.pnas.org/content/113/20/5536.full
http://www.pnas.org/content/113/20/5536.full
http://www.pnas.org/content/113/20/5536.full
http://www.pnas.org/content/113/20/5536.full
http://www.nybooks.com/daily/2014/05/10/we-kill-people-based-metadata/
http://www.nybooks.com/daily/2014/05/10/we-kill-people-based-metadata/
Page 14: It's not about you: Mobile security in 2016

© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.

Android fragmentation as of August 2015

Android Fragmentation Visualized (August 2015)

24,093DISTINCT DEVICES

http://opensignal.com/reports/2015/08/android-fragmentation/
http://opensignal.com/reports/2015/08/android-fragmentation/
Page 15: It's not about you: Mobile security in 2016

© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.

Distribution of Android versions from NowSecure dataset

Android Years old Users

4.2.2 2.95 3%

4.3 2.50 6%

4.4.2 2.12 42%

4.4.4 1.59 4%

5.0 1.19 7%

5.0.1 1.14 7%

5.0.2 1.09 6%

5.1 0.87 3%

5.1.1 0.76 19%

6.0.1 0.12 3%

Page 16: It's not about you: Mobile security in 2016

© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.

Prevalence of iOS versions from NowSecure Dataset

iOS Years old Percentage

7.1.2 1.56 3%

8.3 0.79 6%

8.4 0.56 4%

8.4.1 0.44 4%

9.1 0.25 6%

9.2 0.12 71%

9.2.1 0.01 6%

Page 17: It's not about you: Mobile security in 2016

So what can you do about it?

Page 18: It's not about you: Mobile security in 2016

© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.

Where does mobile risk originate?

Page 19: It's not about you: Mobile security in 2016

© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.

A simple formula for mobile security

Vet apps to ensure they don’t exceed your risk threshold

+Make sure apps are installed on

healthy endpoints

Secure apps on healthy endpoints

Learn more about mobile endpoint security

https://www.nowsecure.com/blog/2016/03/21/know-your-mobile-security-score-with-the-nowsecure-protect-app/
https://www.nowsecure.com/blog/2016/03/21/know-your-mobile-security-score-with-the-nowsecure-protect-app/
https://www.nowsecure.com/blog/2016/03/21/know-your-mobile-security-score-with-the-nowsecure-protect-app/
https://www.nowsecure.com/blog/2016/03/21/know-your-mobile-security-score-with-the-nowsecure-protect-app/
Page 20: It's not about you: Mobile security in 2016

© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.

Data you need to reduce uncertainty and increase visibilityWhat do you know, and what do you not know

1

2

3

4

5

6

What devices do employees use?

What OSs run on those devices?

What vulnerabilities exist within those OSs?

What apps do employees install on their devices?

How risky or leaky are those apps?

What destinations does your data travel to and is it encrypted?

Page 21: It's not about you: Mobile security in 2016

Let’s talk

[email protected]+1 312.878.1100

@skbakken

Keep tabs on the state of mobile security. Subscribe to #MobSec5 - a collection of the week’s mobile news that matters.

Subscribe to #MobSec5 now

http://mobsec5.nowsecure.com/
http://mobsec5.nowsecure.com/
http://mobsec5.nowsecure.com/

Mobile Technology - It's a mobile world - Miami Ad School - C2

Mobile Technology - It's a mobile world - Miami Ad School - C2

Technology
Security Breach: It's not if, it's not when, it's will you know

Security Breach: It's not if, it's not when, it's will you know

Technology
TRITON Mobile Security Help - ForcepointTRITON Mobile Security Help | Mobile Security Solutions Welcome to Websense ® TRITON® Mobile Security. Mobile Se curity is a cloud-based service

TRITON Mobile Security Help - ForcepointTRITON Mobile Security Help | Mobile Security Solutions Welcome to Websense ® TRITON® Mobile Security. Mobile Se curity is a cloud-based service

Documents
Mobile security

Mobile security

Devices & Hardware
Verified security. It's worth it

Verified security. It's worth it

Documents
Mobile Security Apps - AV-TEST · PDF fileTesting mobile security Apps ... ESET MobileSecurity Norton Mobile Security QuickHeal Mobile Security Super Security Trend Micro Mobile Security

Mobile Security Apps - AV-TEST · PDF fileTesting mobile security Apps ... ESET MobileSecurity Norton Mobile Security QuickHeal Mobile Security Super Security Trend Micro Mobile Security

Documents
It's Time To Go Mobile

It's Time To Go Mobile

Documents
It's a Phone! It's a Computer! No, It's Mobile Learning! - Course Technology Computing Conference

It's a Phone! It's a Computer! No, It's Mobile Learning! - Course Technology Computing Conference

Education
MOBILE COMMUNICATION AND IT'S GENERATION

MOBILE COMMUNICATION AND IT'S GENERATION

Documents
Mobile Strategy Partners Mobile Security

Mobile Strategy Partners Mobile Security

Documents
It's About the Data, Stupid: Mobile Security and BYOD for Healthcare

It's About the Data, Stupid: Mobile Security and BYOD for Healthcare

Documents
Mobile Video Rocks! (Too bad it's going to kill the mobile network...)

Mobile Video Rocks! (Too bad it's going to kill the mobile network...)

Technology
Website Security (WordPress) - It's About the Basics

Website Security (WordPress) - It's About the Basics

Internet
Cloud Computing - It's the security, stupid!

Cloud Computing - It's the security, stupid!

Business
Moving Targets: Assessing the Security of Mobile Devices€¦ · Mobile Security •Mobile devices have come a long way • It's not your parents' brick phone •Mobile devices have

Moving Targets: Assessing the Security of Mobile Devices€¦ · Mobile Security •Mobile devices have come a long way • It's not your parents' brick phone •Mobile devices have

Documents
Mobile First? Security First? It's a Tie and Here's Why!

Mobile First? Security First? It's a Tie and Here's Why!

Technology
It's a mobile, mobile, mobile, mobile world

It's a mobile, mobile, mobile, mobile world

Technology
Mobile Landscape - It's a mobile world - Miami Ad School - C1

Mobile Landscape - It's a mobile world - Miami Ad School - C1

Technology
Mobile App Design – It's the Rule of Thumbs!

Mobile App Design – It's the Rule of Thumbs!

Design
Mobile web vs. native apps: It's not about technology, it's about psychology

Mobile web vs. native apps: It's not about technology, it's about psychology

Technology
Golden Gekko - It's all about mobile apps

Golden Gekko - It's all about mobile apps

Design
Mobile developer: create games, it's cool and profitable

Mobile developer: create games, it's cool and profitable

Technology
Email & Mobile Theatre; It's not a phone: A future of mobile marketing

Email & Mobile Theatre; It's not a phone: A future of mobile marketing

Technology
It's a Trap! Introducing Epic Security System's

It's a Trap! Introducing Epic Security System's

Documents
Mobile security powerpoint explaining common mobile security features

Mobile security powerpoint explaining common mobile security features

Mobile
It's just not the same : mobile information literacy

It's just not the same : mobile information literacy

Education
It's a Mobile Mobile Mobile World

It's a Mobile Mobile Mobile World

Design
Mobile Payments : It's all in the pricing

Mobile Payments : It's all in the pricing

Business
It's Time to Rethink Security Operations

It's Time to Rethink Security Operations

Technology
RSA Infographics : It's A Mobile World

RSA Infographics : It's A Mobile World

Technology