Endpoint security and remote work

This is part one of a three-part series, written by an independent guest blogger. Please keep an eye out for the next blog in this series.

Remote work is the new reality for companies of all sizes and across every industry.  As the majority of employees now perform their job functions outside the technology ecosystem of their local office, the cybersecurity landscape has evolved with the adoption of terms such as Zero Trust and Secure Services Edge (SSE).  To accommodate this new landscape, organizations have undergone fundamental changes to allow employees to work from anywhere, using any device, and many times at the expense of data security. As a result, a paradigm shift has occurred that demonstrates employees are increasingly dependent on their smartphones and tablets which have jointly become the new epicenter of endpoint security.

This next-level dependence on mobile devices is consistent across the remote work environment.  There are countless anecdotes about the new reality of hybrid work.  For example, workers using personal tablets to access sensitive data via SaaS apps, or taking a work Zoom call while waiting in the school pickup line.   The constant for each of these stories has been the overwhelming preference to use whatever device is available to complete the task at hand. Therefore, it is extremely logical that bad actors have pivoted to mobile to launch their attacks given the overwhelming use of non-traditional endpoints to send email, edit spreadsheets, update CRMs and craft presentations.  

4.32B Active Mobile Internet Users

56.89% Mobile Internet Traffic as Share of Total Global Online Traffic

Although the experience paradigm quickly changed with the adoption of remote work, the perception of mobile devices as a risk vector has been more gradual for most customers. In fact, Gartner estimates that only 30% of enterprise customers currently employ a mobile threat detection solution.  Many organizations still assume that their UEM solution provides security or that iOS devices are already safe enough. The most shocking feedback from customers indicates that they historically haven’t seen attacks on mobile, so they have no reason to worry about it.  Given this mindset, it’s again no surprise that hackers have trained their focus on mobile as their primary attack vector and entry point to harvest user credentials.

  • 16.1 % of Enterprise Devices Encountered one (or more) Phishing or Malicious links in 3Q2021 globally
  • 51.2% of Personal Devices Encountered one (or more) Phishing or Malicious links in 3Q2021 globally.

What this mindset reveals is a certain naivete from many organizations, regardless of size or industry, that believe mobile devices do not present significant risk and therefore don’t need to be considered in their data security and compliance strategies. This oversight points to two separate tenants that must be addressed when protecting sensitive data via mobile devices:

Endpoint security is an absolute requirement to protect sensitive data and it includes laptops, desktops, and mobile devices

There isn’t a single business that would issue a laptop to an employee without some version of anti-virus or anti-malware security installed yet most mobile devices have no such protections.  The primary explanation for this is that organizations think mobile device management is the same as mobile endpoint security.  While device management tools are capable of locking or wiping a device, they lack the vast majority of capabilities necessary to proactively detect threats. Without visibility into threats like mobile phishing, malicious network connections, or advanced surveillanceware like Pegasus, device management falls far short of providing the necessary capabilities for true mobile security.

Even cybersecurity thought leaders sometimes overlook the reality of cyber-attacks on mobile.  In a recent blog, “5 Endpoint Attacks Your Antivirus Won’t Catch”, the entire story was exclusive to the impact on traditional endpoints even though rootkits and ransomware are just as likely to occur on mobile. 

Traditional security tools do not inherently protect mobile devices

Given the architectural differences that exist between mobile operating systems (iOS/Android) and traditional endpoint OS (MacOS, Windows, Linux, etc.), the methods for securing them are vastly different.  These differences inhibit traditional endpoint security tools, which are not purpose-built for mobile, from providing the right level of protection. 

This is especially true when talking about the leading EPP/EDR vendors such as Carbon Black, SentinelOne and Crowdstrike.  Their core functionality is exclusive to traditional endpoints, although the inclusion of mobile security elements to their solutions is trending.  We’re seeing strategic partnerships emerge and it’s expected that the mobile security and traditional endpoint security ecosystems will continue to merge as customers look to consolidate vendors. 

What’s more is that there are so many ways that users interact with their smartphones and tablets that are unique to these devices. For example, a secure email gateway solution can’t protect against phishing attacks delivered via SMS or QR codes. Also, can you identify all of your devices (managed and unmanaged) that are subject to the latest OS vulnerability that was just identified and needs to be patched immediately?  Did one of your engineers just fall victim to a man-in-the-middle attack when they connected to a malicious WiFi network at a random coffee shop?  These are just some of the examples of the threats and vulnerabilities that can only be mitigated with the use of a mobile endpoint security tool, dedicated to protecting mobile endpoints.

The acceleration of remote work and the “always-on” productivity that's expected has shifted your employees’ preferences for the devices they use to get work done.   Reading email, sending an SMS rather than leaving a voicemail (who still uses voicemail?), and the fact that just about every work-related application now resides in the cloud has changed how business is transacted.  This pivot to mobile has already occurred. It’s well past time that companies acknowledge this fact and update their endpoint security posture to include mobile devices.  

If you would like to learn more or are interested in a Mobile Security Risk Assessment to provide visibility into the threat landscape of your existing mobile fleet, please click here or contact your local AT&T sales team.           

Article Link: Endpoint security and remote work | AT&T Cybersecurity