September 10, 2015 By Caleb Barlow 3 min read

Yesterday in San Francisco, Apple launched the iPhone 6S and iPhone 6S Plus alongside iOS 9. While tweens may be thrilled with the new rose gold color option, as a passionate security advocate, I’m much more excited about the positive mobile security changes iOS 9 will likely bring about.

Apple will now default its devices to six-digit passcodes instead of four — a move that’s two small steps for users but one giant leap forward for mobile security as a whole. With the addition of two digits, iDevices will instantly become tougher for cybercriminals to crack, now thwarting them with 1 million possible combinations versus the previous 10,000.

What Do Passcodes Mean for Businesses?

This bold move by Apple serves as an opportunity — and a wakeup call — for companies to refresh and strengthen their own current bring-your-own-device (BYOD) policies. In fact, new IBM research into 1 million BYOD and corporate-issued devices revealed that today:

  • Nearly 90 percent of companies only require simple, numeric PINs;
  • Almost 80 percent of those companies enforce the most basic option to protect the data on these phones: a four- to five-digit PIN, which can be cracked in as little as 18 minutes, according to the iOS Hacker’s Handbook.
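
To put the 10,000 versus 1 million figures and the 18-minute estimate side by side, the sketch below audits a set of passcode policies against a six-digit numeric baseline. It is an added example, not code from IBM or the article; the policy names are hypothetical, the sample policies are constructed, and it assumes the quoted 18 minutes is the time to try all 10,000 four-digit codes.

```python
from dataclasses import dataclass

# Assumption: the "18 minutes" quoted for a four-digit PIN is treated as the
# time to try all 10,000 codes, which gives a per-guess cost to scale from.
# Retry delays and erase-after-failures settings are not modelled.
SECONDS_PER_GUESS = (18 * 60) / 10_000

ALPHABETS = {"numeric": 10, "alphanumeric": 62}  # digits; digits + a-z + A-Z


@dataclass(frozen=True)
class PasscodePolicy:
    name: str        # hypothetical policy label
    min_length: int  # minimum passcode length the policy enforces
    charset: str     # key into ALPHABETS


def keyspace(policy):
    """Number of distinct passcodes at the policy's minimum length."""
    return ALPHABETS[policy.charset] ** policy.min_length


def worst_case_hours(policy):
    """Hours to try every minimum-length passcode at the assumed rate."""
    return keyspace(policy) * SECONDS_PER_GUESS / 3600


def audit(policies, baseline_digits=6):
    """Return names of policies weaker than an N-digit numeric baseline."""
    floor = 10 ** baseline_digits
    return [p.name for p in policies if keyspace(p) < floor]


# Constructed sample policies, not data from the IBM research.
SAMPLE_POLICIES = [
    PasscodePolicy("legacy-4-digit", 4, "numeric"),
    PasscodePolicy("five-digit", 5, "numeric"),
    PasscodePolicy("ios9-default", 6, "numeric"),
    PasscodePolicy("alnum-6", 6, "alphanumeric"),
]

if __name__ == "__main__":
    for p in SAMPLE_POLICIES:
        print(f"{p.name:15} keyspace={keyspace(p):>14,} "
              f"worst case={worst_case_hours(p):,.1f} h")
    print("below six-digit baseline:", audit(SAMPLE_POLICIES))
```

At the same assumed rate, the six-digit default moves the worst case from 0.3 hours to 30 hours, and a six-character alphanumeric policy enlarges the keyspace by a further factor of roughly 56,800.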

What we’re running on our phones only compounds this increasingly complex problem. Another IBM study found that nearly 40 percent of companies, including many in the Fortune 500, aren’t properly securing the mobile apps they build for customers. Moreover, 67 percent of companies allow employees to download unvetted apps to their work devices.

This opens enormous windows of opportunity for attackers, and they are increasingly capitalizing on these vulnerabilities.

While Apple’s latest security update is a well-timed win in the fight against increasingly organized and resourceful cybercriminals, in order for mobile security improvements to be accomplished at an industry level, companies must also continue to be mindful of the very reason BYOD has become a global phenomenon: user convenience.


Balancing Convenience With Security Protection

Apple’s new six-digit default is a perfect example of how to help users better protect personal and corporate data while still maintaining the ease of use they crave through touch authentication.

IBM partners with our clients in order to help them better calibrate the convenience and security equation. To get started, here are several best practices to consider:

  1. Communication is critical. Many employees don’t understand the risks of using unsecured mobile devices and apps, nor are they trained on the security of mobile content access and management in the workplace.
  2. Companies that seek to implement strong mobile device security would also do well to allow employees to use biometric authentication to ensure mobile devices remain convenient and secure.
  3. Investigate ways to strengthen the security of corporate data living on mobile devices even further, such as linking to an overall corporate identity management system or considering two-factor authentication.

Overall, flexibility is key to accomplishing mobile security goals. As mobile technology continues to evolve and expand, it’s also encouraging to see the industry continue to make it easier for users to protect themselves.

Yesterday’s news is a strong step in the right direction, but there’s much more to be done. Passcodes are simply the user’s first line of defense and remain only one piece of the puzzle. Security teams should use this moment to further rally around mobile security initiatives, such as stronger authentication of the data and apps that reside on the device, which will help us protect ourselves against rising threats in simple yet effective ways.

Download the white paper ‘The New Hackers’ Playground’ to learn more about mobile security
