March 5, 2015 By Douglas Bonderud 3 min read

It’s no longer enough for companies to simply defend against cyberattacks. Breach after breach and vulnerability after vulnerability make it clear that enterprises are always under threat — and eventually, attackers will succeed. This drives the development of cyber resiliency strategies, which focus on finding ways for businesses to quickly recover after an attack. According to a new Good Technology report, mobile devices may now play a key role in mitigating the damage of cyberattacks. Are smartphones and tablets the new fallback?

Good Data?

While overall mobile app adoption is up 300 percent year over year, 2014 saw a 197 percent increase of secure browser use quarter over quarter and an increase of 131 percent for secure instant messaging in the same time frame. The report also noted that custom apps earned a 26 percent bump in the last quarter of 2014 and found a divide between smartphones and tablets. Instant messaging apps led the way on phones, while document editing came out in front for tablets.

There is no confusion in the data: App usage is up, but so is the development of secure alternatives to public services. Could this be the start of a paradigm shift?

Mobile Matters

Thinking of mobile devices as the agents of enhanced security rather than network risks is a strange position for enterprises because the narrative offered by IT pundits about bring-your-own-device adoption often goes like this: Smartphones and tablets are a necessary evil largely outside the control of company IT.

In fact, a recent FierceMobileIT article noted that for financial services firms, which safeguard massive amounts of personal data, mobile devices “are one of the weakest links in the security chain.” However, so-called secure custom apps — applications designed with security in mind from the ground up rather than as an afterthought — may offer a new way to enhance cyber resiliency.

The Rise of Cyber Resiliency

But why the big push for resilience over defense? Wouldn’t enterprises be better served stopping intruders at the gate rather than cleaning up the mess? Absolutely, but that’s no longer possible. Third-party devices only peripherally connected to corporate networks are now responsible for millions in retail theft, and industries from health care to entertainment to financial services are now fair game for cybercriminals.

Because of this, organizations cannot afford to close their eyes and pretend perimeter-based defenses will stop the flood of email phishing, website spoofing and app-based malware attacks. As noted by a Feb. 17 article from Data Protection Report, the Federal Financial Institutions Examination Council now recommends that companies develop strategies that focus on resiliency in the face of actual threats.

The Case for Connectivity

In a technology market plagued by persistent threats and the specter of app-driven malware, an odd savior emerges: mobile devices. Right now, they are often classified as enterprise threats, since users are willing to go around company rules to access necessary technologies or services.

However, these same points of failure offer a network of potential fallback positions. If every device with corporate access is also equipped with a secure browser and applications that automatically encrypt data or flag suspicious activity, the chances of a breach start trending down. What’s more, the response to such a breach evolves to become more timely, because each device becomes a failover point for every other offering. This gives companies the benefit of multiple recovery points in the event of an attack or compromise.

Here, the constant connectivity often scorned as mobility’s weakness becomes a strength. When apps, browsers and instant messaging clients are secure, the end result is a stronger, more resilient bottom line.

More from

How will the Merck settlement affect the insurance industry?

3 min read - A major shift in how cyber insurance works started with an attack on the pharmaceutical giant Merck. Or did it start somewhere else?In June 2017, the NotPetya incident hit some 40,000 Merck computers, destroying data and forcing a months-long recovery process. The attack affected thousands of multinational companies, including Mondelēz and Maersk. In total, the malware caused roughly $10 billion in damage.NotPetya malware exploited two Windows vulnerabilities: EternalBlue, a digital skeleton key leaked from the NSA, and Mimikatz, an exploit…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

ICS CERT predictions for 2024: What you need to know

4 min read - As we work through the first quarter of 2024, various sectors are continuously adapting to increasingly complex cybersecurity threats. Sectors like healthcare, finance, energy and transportation are all regularly widening their digital infrastructure, resulting in larger attack surfaces and greater risk exposure.Kaspersky just released their ICS CERT Predictions for this year, outlining the key cybersecurity challenges industrial enterprises will face in the year ahead. The forecasts emphasize the persistent nature of ransomware threats, the increasing prevalence of cosmopolitical hacktivism, insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today