Happy 2023! With the tradition of New Year’s resolutions, common themes include physical and financial goals. In the world of the Anywhere Workspace platform, we’d like to extend 2023 resolutions to include cybersecurity and cyber hygiene.
Mobile threats are the sleeping giant that is waking up. According to the Verizon Mobile Security Index 2022, there are four major components of the mobile threat landscape to consider in your security fitness plan: people and behaviors, apps, devices and things, and networks and clouds. Security threats based on people and their behaviors on mobile are not new, unfortunately. In 2022, 82% of breaches involved the human element, according to the Verizon 2022 Data Breach Investigations report. People and their behaviors are increasingly a component of cybercrime as malicious actors turn to phishing and pretexting, plus targeted social engineering, to launch their cyber attacks.
Based on the Verizon Mobile Security Index, we have a better understanding of how hackers target these major components.
- People and behavior. We — employees, contractors, frontline workers, and more — are threats to the security of the companies we work for. Attackers find innovative ways to phish our credentials. Some of us do not practice good cyber hygiene; for example, we reuse the same password across many sites. Cyber attackers are now “password spraying” by systematically trying a multitude of passwords to steal our credentials — a more advanced form of brute force attacks. Pretexting is becoming more common, too, whether it’s crafted by a deepfake or an actual person working to compromise targets.
- Apps and app permissions. Many of the apps we download and use typically request access to our device’s camera, microphone, and location data — and we unthinkingly grant that access. People also “sideload” apps from unvetted sources, and those apps can have exploitable vulnerabilities.
- Devices and things. How many devices do I own? Smartphone, laptop, tablet, smart watch, speaker, smart doorbell, and others! With more devices comes a greater need to protect and secure them all. What is my plan — or your plan — to protect corporate-owned, personally-enabled (COPE), or even personally-owned, devices that access corporate apps and networks? How do you ensure you are not the weak link that leads to a data breach for your company?
- Networks and clouds. Public Wi-Fi is available for me to work from anywhere. Do I always know if it is safe or how it’s configured and maintained? Honestly, no. How do I know if I am at risk for a machine in the middle attack?
So how does someone strengthen or build out a security resolution plan with so many prevailing mobile threats around?
Here are five ways to strengthen your mobile devices with workspace security solutions:
- Segment conditional access. Authenticate users at the endpoint and segment their access to resources via automatic, seamless, per-app tunneling.
- Configure secure policies for corporate-owned, personally owned, or unmanaged devices with phishing-resistant multifactor authentication.
- Address mobile threats head on with advanced mobile threat protection.
- Provide end users with a single app to access tools for work, authenticate, and view security status and alerts.
- Deliver information to both IT and users that is actionable and aids decision making, auto-remediation, and overall assessment of mobile device population health.
What are your cybersecurity resolutions for 2023 and beyond? Having secure frameworks and responsive solutions in place will reduce the likelihood of cybercrimes. The VMware workspace security solution is designed for anywhere work, meaning that it enables diverse work styles and helps address threats and issues faster, for better compliance across populations and responses to individual threats.
For more on how VMware secures the hybrid workforce, visit vmware.com/go/workspacesecurity.