Part 1 – How Cloud Apps Are Making Businesses More (and Less) Secure

Cloud Apps Security

Today, more than ever before, employees are working while on-the-go. The ease with which a worker can enjoy a coffee-café latte in one hand and click “send” with the other is made possible by the explosion of mobile devices and mobile cloud-based applications. According to IDC, more than 96.2 million mobile employees are taking advantage of the mobility offered by today’s technologies.

Cloud-based Apps and the Mobile-Worker

To best protect these users while mobile, companies need to change their security strategy.

Traditionally, businesses have invested heavily in securing their infrastructure and endpoints— the security of the data lies within the four walls.

These walls quickly become ineffective when using cloud-based apps. Your firewall and network monitoring solutions? Traffic flies right through. Endpoint software? On a phone? Even if AV companies had software to install, will your users even install it?

Last, migration to cloud apps makes passwords (and related authentication solutions) the key to any security strategy. A loss of a password to an attacker can be detrimental. Regardless of whether they are using laptops, tablets, or phones, employees are using passwords that need to be protected. Passwords have become the key battleground for cloud-enabled organizations.

Mobile Worker Attack Methods

We’ve seen a sharp increase in two types of attacks focused on mobile workers that are trying to steal credentials. In addition, mobile devices continue to be prime targets for Malware attacks.

Proximity-focused attacks: In this type of attack, a cybercriminal creates a fake wireless access point in a public area, such as an airport, in the hopes of tricking their victims into connecting. Mobile workers searching through the longlist of airport Wi-Fi options until they find one that doesn’t require a password may be susceptible to this attack method. Hackers will set up a fake network service in hopes a user will click on it, giving the attacker access to much of the sensitive information and credentials from the device.

Phishing attacks: With a phishing attack, a cyber-criminal usually generates a fake email pretending to be someone they’re not and requests money, passwords or account numbers to take over a victim’s finances, steal sensitive information or hold their account hostage until a ransom is paid. While mobile devices receive phishing attacks via email, they can also receive them from text messages, communications apps, social media and practically anywhere a mobile device can receive a message. This not only increases the number of phishing attacks on mobile devices but the susceptibility of users falling victim to this type of attack.

Malvertising and malware attacks: We have observed a sharp increase in attackers buying malicious ads and getting them placed on high-traffic websites. These ads find Vulnerabilities in browser software and then exploit the system to install ransomware or more persistent malware. According to Nokia’s global Threat Intelligence Report, 2016 saw the highest level of mobile device malware infections since 2012 with smartphone malware infections rising nearly 400 percent.

The explosion of mobile workers is pushing companies to develop cloud-based security for their mobile devices. In the next article, I’ll talk about what those security strategies should look like.

By Todd O’Boyle

Threat Security
Azure Red Hat OpenShift: What You Should Know What Is Azure Red Hat OpenShift? Red Hat OpenShift provides a Kubernetes platform for enterprises. Azure Red Hat OpenShift permits you to deploy fully-managed OpenShift clusters in ...
Adam Cole
Mitigating Regulatory Risk Some of the great business opportunities for Unified Communications as a Service (UCaaS) integrators and Value-Added Resellers (VARs) have been the emergence of cloud, telephony and Unified Communications (UC) technologies such as ...
Martin Mendelsohn
The Colonial Pipeline Dilemma The Colonial Pipeline is one of a number of essential energy and infrastructure assets that have been recently targeted by the global ransomware group DarkSide, and other aspiring non-state actors, with ...
Bitcoin electricity
Bitcoin Heating? Bitcoin mining or cryptocurrency mining has been widely vilified for it’s environmental impact. Why it does draw a huge amount of energy, more and more of it is coming from renewable sources and ...
Shireesh Thota
Here’s How to Position Your Organization for the Era of Data Intensity We live in a data-intensive era. Data is booming. Companies are realizing that data is one of the most important assets and they ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.