It’s no longer enough for companies to simply defend against cyberattacks. Breach after breach and vulnerability after vulnerability make it clear that enterprises are always under threat — and eventually, attackers will succeed. This drives the development of cyber resiliency strategies, which focus on finding ways for businesses to quickly recover after an attack. According to a new Good Technology report, mobile devices may now play a key role in mitigating the damage of cyberattacks. Are smartphones and tablets the new fallback?
While overall mobile app adoption is up 300 percent year over year, 2014 saw a 197 percent increase of secure browser use quarter over quarter and an increase of 131 percent for secure instant messaging in the same time frame. The report also noted that custom apps earned a 26 percent bump in the last quarter of 2014 and found a divide between smartphones and tablets. Instant messaging apps led the way on phones, while document editing came out in front for tablets.
There is no confusion in the data: App usage is up, but so is the development of secure alternatives to public services. Could this be the start of a paradigm shift?
Thinking of mobile devices as the agents of enhanced security rather than network risks is a strange position for enterprises because the narrative offered by IT pundits about bring-your-own-device adoption often goes like this: Smartphones and tablets are a necessary evil largely outside the control of company IT.
In fact, a recent FierceMobileIT article noted that for financial services firms, which safeguard massive amounts of personal data, mobile devices “are one of the weakest links in the security chain.” However, so-called secure custom apps — applications designed with security in mind from the ground up rather than as an afterthought — may offer a new way to enhance cyber resiliency.
The Rise of Cyber Resiliency
But why the big push for resilience over defense? Wouldn’t enterprises be better served stopping intruders at the gate rather than cleaning up the mess? Absolutely, but that’s no longer possible. Third-party devices only peripherally connected to corporate networks are now responsible for millions in retail theft, and industries from health care to entertainment to financial services are now fair game for cybercriminals.
Because of this, organizations cannot afford to close their eyes and pretend perimeter-based defenses will stop the flood of email phishing, website spoofing and app-based malware attacks. As noted by a Feb. 17 article from Data Protection Report, the Federal Financial Institutions Examination Council now recommends that companies develop strategies that focus on resiliency in the face of actual threats.
The Case for Connectivity
In a technology market plagued by persistent threats and the specter of app-driven malware, an odd savior emerges: mobile devices. Right now, they are often classified as enterprise threats, since users are willing to go around company rules to access necessary technologies or services.
However, these same points of failure offer a network of potential fallback positions. If every device with corporate access is also equipped with a secure browser and applications that automatically encrypt data or flag suspicious activity, the chances of a breach start trending down. What’s more, the response to such a breach evolves to become more timely, because each device becomes a failover point for every other offering. This gives companies the benefit of multiple recovery points in the event of an attack or compromise.
Here, the constant connectivity often scorned as mobility’s weakness becomes a strength. When apps, browsers and instant messaging clients are secure, the end result is a stronger, more resilient bottom line.