The workforce is changing, and organizations that don’t change with it will be left behind.
By 2020, millennials will make up nearly half (46 percent) of the workforce, and mobile employees are projected to account for 72 percent of the workforce. Even today, more than 60 percent of workers say they work outside the office at least part time.
Millennials have grown up in the age of smartphones and tablets. As this generation completes its transition into the workforce, young people are bringing with them firm expectations that they will be able to work how they want, where they want and when they want, using the device they prefer.
Historically, the adoption of mobility solutions has faced resistance, with some organizations not wanting to put enterprise data at risk by making it available outside of the office. But this position is becoming untenable.
As mobility becomes virtually inevitable, security and risk management teams must be prepared to secure mobile deployments.
“Mobile is the new playground for criminals,” says Raj Samani, chief scientist at McAfee. “When you compare against laptops and desktop computers, the level of coverage with regard to security programs for mobile devices is very, very low. They are like sieves in our pockets.”
Many IT managers are unaware of the full extent of their mobile environments, including the number of mobile applications their users employ.
“People think, ‘I’ve got 10 apps, or 50, or 100,’” says David Jevans, former vice president of mobile security at Proofpoint. “But when you multiply that by your employee base, you’ll be blown away. It is not unusual for us to go into an enterprise, turn on our mobile threat defense product and see 60,000 different apps. People’s eyes get wide open.”
The proliferation of mobile apps represents a huge vulnerability for organizations, as apps with malicious code can pop up even in legitimate app stores — and are ubiquitous in third-party stores, where users sometimes wander to look for free versions of paid apps.
“Maybe your kids use your device to go to a third-party app store and download a new game that’s not available in the U.S. yet,” Jevans says. “That’s how these infections get into the enterprise.”
Phishing and ransomware — threats that have long caused headaches for organizations — are now spilling over into the mobile space. Mobile ransomware is seen as less of a threat than a PC-based attack, because mobile ransomware typically locks up individual devices, rather than paralyzing entire systems.
Still, the threat is growing exponentially, with security vendor Trend Micro finding that the number of unique Android ransomware threats was 15 times higher in June 2016 than in April 2015. And phishing threats are only growing more sophisticated.
“It’s evolved from phishing to whaling,” says Jeff Falcon, principal security solution architect for CDW. “Attackers are deliberately going after someone specific, someone with a ‘C’ in their title, and they’re bringing elements of social psychology and fear to trick them into doing something that they shouldn’t be doing.”