March 5, 2015 By Douglas Bonderud 3 min read

It’s no longer enough for companies to simply defend against cyberattacks. Breach after breach and vulnerability after vulnerability make it clear that enterprises are always under threat — and eventually, attackers will succeed. This drives the development of cyber resiliency strategies, which focus on finding ways for businesses to quickly recover after an attack. According to a new Good Technology report, mobile devices may now play a key role in mitigating the damage of cyberattacks. Are smartphones and tablets the new fallback?

Good Data?

While overall mobile app adoption is up 300 percent year over year, 2014 saw a 197 percent increase of secure browser use quarter over quarter and an increase of 131 percent for secure instant messaging in the same time frame. The report also noted that custom apps earned a 26 percent bump in the last quarter of 2014 and found a divide between smartphones and tablets. Instant messaging apps led the way on phones, while document editing came out in front for tablets.

There is no confusion in the data: App usage is up, but so is the development of secure alternatives to public services. Could this be the start of a paradigm shift?

Mobile Matters

Thinking of mobile devices as the agents of enhanced security rather than network risks is a strange position for enterprises because the narrative offered by IT pundits about bring-your-own-device adoption often goes like this: Smartphones and tablets are a necessary evil largely outside the control of company IT.

In fact, a recent FierceMobileIT article noted that for financial services firms, which safeguard massive amounts of personal data, mobile devices “are one of the weakest links in the security chain.” However, so-called secure custom apps — applications designed with security in mind from the ground up rather than as an afterthought — may offer a new way to enhance cyber resiliency.

The Rise of Cyber Resiliency

But why the big push for resilience over defense? Wouldn’t enterprises be better served stopping intruders at the gate rather than cleaning up the mess? Absolutely, but that’s no longer possible. Third-party devices only peripherally connected to corporate networks are now responsible for millions in retail theft, and industries from health care to entertainment to financial services are now fair game for cybercriminals.

Because of this, organizations cannot afford to close their eyes and pretend perimeter-based defenses will stop the flood of email phishing, website spoofing and app-based malware attacks. As noted by a Feb. 17 article from Data Protection Report, the Federal Financial Institutions Examination Council now recommends that companies develop strategies that focus on resiliency in the face of actual threats.

The Case for Connectivity

In a technology market plagued by persistent threats and the specter of app-driven malware, an odd savior emerges: mobile devices. Right now, they are often classified as enterprise threats, since users are willing to go around company rules to access necessary technologies or services.

However, these same points of failure offer a network of potential fallback positions. If every device with corporate access is also equipped with a secure browser and applications that automatically encrypt data or flag suspicious activity, the chances of a breach start trending down. What’s more, the response to such a breach evolves to become more timely, because each device becomes a failover point for every other offering. This gives companies the benefit of multiple recovery points in the event of an attack or compromise.

Here, the constant connectivity often scorned as mobility’s weakness becomes a strength. When apps, browsers and instant messaging clients are secure, the end result is a stronger, more resilient bottom line.

More from

How CTEM is providing better cybersecurity resilience for organizations

4 min read - Organizations today continuously face a number of fast-moving cyber threats that regularly challenge the effectiveness of their cybersecurity defenses. However, to keep pace, businesses need a proactive and adaptive approach to their security planning and execution.Cyber threat exposure management (CTEM) is an effective way to achieve this goal. It provides organizations with a reliable framework for identifying, assessing and mitigating new cyber risks as they materialize.The importance of developing cybersecurity resilienceRegardless of the industry, all organizations are subject to certain…

Insights from CISA’s red team findings and the evolution of EDR

3 min read - A recent CISA red team assessment of a United States critical infrastructure organization revealed systemic vulnerabilities in modern cybersecurity. Among the most pressing issues was a heavy reliance on endpoint detection and response (EDR) solutions, paired with a lack of network-level protections. These findings underscore a familiar challenge: Why do organizations place so much trust in EDR alone, and what must change to address its shortcomings? EDR’s double-edged sword A cornerstone of cyber resilience strategy, EDR solutions are prized for…

Is the water safe? The state of critical infrastructure cybersecurity

4 min read - On September 25, CISA issued a stark reminder that critical infrastructure remains a primary target for cyberattacks. Vulnerable systems in industrial sectors, including water utilities, continue to be exploited due to poor cyber hygiene practices. Using unsophisticated methods like brute-force attacks and leveraging default passwords, threat actors have repeatedly managed to compromise operational technology (OT) and industrial control systems (ICS).Attacks on the industrial sector have been particularly costly. The 2024 IBM Cost of a Data Breach report found the average total…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today