Combining technical processes and old-fashioned awareness can help agency administrators stay ahead of hackers in the mobile security game.
In government, mobile devices are both embraced and resisted. The mobility and ease of use afforded by smartphones and tablets help boost worker productivity even as they open doors for hackers. According to research by Wandera, in 2018 there were 455,121 mobile phishing attacks, 1.9 million Wi-Fi incidents and 32,846 malware attacks.
Agencies may not be moving quickly enough to keep up with the rapidly evolving threat landscape. The Department of Homeland Security’s Continuous Diagnostics and Mitigation program, for example, provides agencies with a rigorous approach to better cybersecurity enforcement. However, a report from the Government Accountability Office indicated only four agencies have made it to Phase 3 of the CDM program, while 19 agencies haven’t even begun to implement CDM.
As government organizations continue with their CDM efforts, here are a few other strategies they can implement now to better defend against rising mobile threats.
1. Endpoint security to address sophisticated attack methods. Today, bad actors have moved beyond simple malware to more sophisticated -- and effective -- methods of attack. They’re opting for social engineering: mobile phishing, which research shows is harder to spot than email lures; whaling (targeting top-level executives); pretexting (attempting to gain users’ trust by asking them to provide information to confirm their identity); and baiting (the promise of something in return for providing access to a network).
To defend against these threats, agencies must implement endpoint detection that immediately alerts them to unknown or unauthorized devices on the network. Administrators can then investigate the occurrence and, if necessary, prohibit the device from accessing the network.
2. User behavioral monitoring. According to the Wandera report, in 2018 1 million smartphone or tablet lock screens were disabled, allowing hackers to bypass simple four-digit passcodes. Worse, many users never even bothered to implement lock screen protection on their personal devices.
When employees lose their devices, the chances of a hacker tapping those devices to access sensitive information rise -- which makes user behavioral monitoring particularly important. Agency administrators can develop baselines of normal device usage for each employee so that they know of any deviation from those patterns that could indicate a person’s device has been compromised.
For instance, a Defense Department employee may normally use a smartphone to access agency files from his office in the Pentagon. If the device starts pinging the network from Beijing at 3:00 a.m. EST, chances are the device has been lost, stolen or compromised and the activity must be investigated. The administrator can immediately lock the device out of the network before hackers have a chance to embed themselves into the network and do significant damage.
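The baseline-and-deviation check described above can be sketched as follows. This is an added example, not code from the article; the event format, user and device names, and the rule that two simultaneous deviations trigger a lockout are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data: (user, device, timestamp in agency local time, country).
HISTORY = [
    ("jdoe", "phone-17", "2019-03-04T08:55:00", "US"),
    ("jdoe", "phone-17", "2019-03-04T13:10:00", "US"),
    ("jdoe", "phone-17", "2019-03-05T09:20:00", "US"),
    ("jdoe", "phone-17", "2019-03-05T17:40:00", "US"),
]
NEW_EVENTS = [
    ("jdoe", "phone-17", "2019-03-06T18:05:00", "US"),   # close to a usual hour
    ("jdoe", "phone-17", "2019-03-06T22:30:00", "US"),   # usual place, odd hour
    ("jdoe", "phone-17", "2019-03-07T03:00:00", "CN"),   # new place and odd hour
    ("asmith", "tablet-02", "2019-03-07T10:00:00", "US"),  # never seen before
]

def build_baseline(events):
    """Record the countries and hours of day seen for each (user, device)."""
    baseline = defaultdict(lambda: {"countries": set(), "hours": set()})
    for user, device, ts, country in events:
        entry = baseline[(user, device)]
        entry["countries"].add(country)
        entry["hours"].add(datetime.fromisoformat(ts).hour)
    return baseline

def deviations(baseline, event, hour_slack=1):
    """Return the reasons an event departs from its baseline (empty if none)."""
    user, device, ts, country = event
    entry = baseline.get((user, device))
    if entry is None:
        return ["no-baseline"]
    reasons = []
    if country not in entry["countries"]:
        reasons.append("new-country")
    hour = datetime.fromisoformat(ts).hour
    # Distance on a 24-hour clock, so 23:00 and 00:00 count as one hour apart.
    nearest = min(min((hour - h) % 24, (h - hour) % 24) for h in entry["hours"])
    if nearest > hour_slack:
        reasons.append("unusual-hour")
    return reasons

def triage(baseline, events):
    """Lock out when place and time are both anomalous; otherwise queue for review."""
    results = []
    for event in events:
        reasons = deviations(baseline, event)
        if reasons:
            action = "lock" if len(reasons) > 1 else "review"
            results.append((event[0], event[1], action, reasons))
    return results
```

A single deviation, such as a late-evening login from the usual country, is queued for review rather than locked, which keeps travel and overtime from generating lockouts.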
3. User access rights management. It’s a fact of life: Government workers retire and move on to other jobs. Because of an administrative oversight, some may maintain their access privileges, even after they’ve left the agency, allowing them to sign on to the network. A hacker can do the same, using a compromised account.
Keeping up with the turnover is impossible to do manually, but administrators can implement systems to automatically scan Active Directory for potentially worrisome activity. Scanning can help identify unknown users and those who may no longer warrant access to the network. Administrators can then take steps to revoke their privileges.
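One way to automate the review described above is to reconcile an export of directory accounts against the personnel roster. This is an added example, not code from the article; the record fields (`sam`, `enabled`, `last_logon`), the roster format and the 90-day staleness threshold are assumptions, and all data is constructed.

```python
from datetime import date

# Constructed export of directory accounts (field names are hypothetical).
ACCOUNTS = [
    {"sam": "jdoe",     "enabled": True,  "last_logon": date(2019, 6, 3)},
    {"sam": "rlee",     "enabled": True,  "last_logon": date(2019, 5, 30)},
    {"sam": "tkim",     "enabled": True,  "last_logon": date(2018, 11, 2)},
    {"sam": "svc-tmp9", "enabled": True,  "last_logon": date(2019, 6, 1)},
    {"sam": "mpatel",   "enabled": False, "last_logon": date(2019, 1, 15)},
]
# Constructed personnel roster: account name -> separation date (None if still employed).
ROSTER = {
    "jdoe": None,
    "tkim": None,
    "rlee": date(2019, 4, 30),
    "mpatel": date(2019, 1, 31),
}

def review_accounts(accounts, roster, today, stale_days=90):
    """Map each enabled account that needs attention to the reasons why."""
    findings = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled, nothing to revoke
        sam, last = acct["sam"], acct["last_logon"]
        reasons = []
        if sam not in roster:
            reasons.append("unknown-user")
        else:
            separated = roster[sam]
            if separated is not None and separated <= today:
                reasons.append("separated")
                # A logon after the separation date suggests the account is in use.
                if last is not None and last > separated:
                    reasons.append("logon-after-separation")
        if last is None or (today - last).days > stale_days:
            reasons.append("stale")
        if reasons:
            findings[sam] = reasons
    return findings
```

Run on a schedule, the `logon-after-separation` finding deserves the fastest response, since it means a departed employee's credentials were used after they left.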
4. User education. Defending against mobile threats should be everyone’s responsibility, especially in a bring-your-own-device environment. Users must be informed of best practices for mobile device security and encouraged to ensure their devices are as protected as possible.
This should go beyond basic security hygiene, such as implementing strong lock screen codes or facial scanning. Users should frequently update their devices to the most recent operating systems, which likely have stronger security protections against known vulnerabilities.
Meanwhile, they should be discouraged from “jailbreaking” their devices and installing unauthorized applications. Not only does this help maintain the security assurances inherent in the device’s operating system, it can also help curb the growing challenge presented by shadow IT within government agencies.
If it seems like we’ve been talking about the mobile device threat for years, it’s because we have. Every time agency administrators come up with a technique to combat a threat, hackers do them one better. The cat-and-mouse game doesn’t show any signs of abating.
Fortunately, administrators can take steps today to improve their mobile device security postures. Employing a powerful combination of technical processes and old-fashioned awareness can keep administrators ahead of the game.