A new survey by OPSWAT shows compromised or infected devices are seen as security professionals' biggest nightmare. Devices are now a bigger concern than data entering the organisation. While some are checking devices, only a few are bothering to check for greyware on users' own devices, which increases the security risk.
Despite the benefits of Bring Your Own Device (BYOD), particularly around budget savings, the risks to security continue to mount. With the holiday season now over, many companies are struggling to cope with an influx of new devices. Much of the problem is getting to the point where users can access corporate data securely and where data stored on devices is fully protected. Although the number of Mobile Device Management (MDM) tools in the market continues to increase, IT departments continue to lose ground as new devices appear.
OPSWAT reports device risk checking is patchy
On the upside for enterprises, IT teams are managing to carry out device risk assessments and some limited compliance checks. According to the survey, 88% check for antivirus software on devices and 81% check that the firewall is turned on. Unfortunately, while encryption of the device at 67% and password protection for device access at 65% are better than they were, they cannot be called enterprise grade by a long way.
An increasing number of companies are beginning to use multiple scanning technologies in order to improve the detection of risk. According to Benny Czarny, CEO at OPSWAT: “With over 390,000 new threats emerging daily, anti-malware engines need to detect new threats continuously, and will inevitably address different threats at different times. By using only one or two antivirus engines, companies are exposing themselves to malware threats, since no antivirus engine can be accurate 100% of the time.
“However, by using multiple anti-malware engines, companies can benefit from several detection algorithms and heuristics to significantly increase malware detection rates, as well as their protection against new threats. With multi-scanning, only one engine needs to detect the threat in order for a company to be protected.”
While multi-scanning is on the increase, it can only be effective if applied to all traffic. The survey shows that barely half the respondents check files before they are uploaded onto a server and only a third scan binaries. This creates a false sense of security in the tools and carries the risk of users being infected from inside the network rather than from outside.
Greyware too easy an infection vector
Despite Czarny’s advice, there is a darker side to this survey. Only 13% of respondents admitted to checking for greyware on devices. The increase in the number of infected apps across all mobile platforms means that it is increasingly likely that users will become infected or compromised.
2015 also saw a significant increase in the use of greyware where users were buying apps from places other than authorised app stores. Many of these apps look like official apps even though they exist just to harvest user details or take advantage of users to gain access to enterprise networks.
Among the types of greyware that are often downloaded from Internet sites are ‘cracked’ versions of security suites. These come with the keys so that users can install them on devices for free. The worrying thing is how often these packages are downloaded without anyone asking if they have been tampered with.
From an enterprise perspective, if all you are doing is detecting the presence of anti-virus software or a firewall without properly validating it, then you are not only allowing dangerous greyware into the enterprise but also creating a false sense of security.
While BYOD is a major challenge, it is surprising that IT security professionals are still struggling to better protect networks and data. With the increased penalties that the EU General Data Protection Regulation (GDPR) now brings to bear, there is an urgent need for companies to review BYOD and even cloud.
Companies are happy to be references for device and cloud vendors, talking about how much they have saved on their IT budgets with these two changes over the last few years. What this survey shows is that they need to use some of the monies saved to strengthen their security controls on the use of new technologies.