Well it’s Verizon Data Breach Investigation Report week, which means all of us who pay attention to security took a long moment of silence this week to download and start looking through this excellent resource.
The basic data this year, collected from 79,790 security events shows a significant increase in both attacks and confirmed breaches (2,122, up from 1,367 in 2014).
The interesting wrinkle? Mobile is pretty much a non starter when it comes to cybercrime, but user error is still a main threat pattern that leads to data breaches.
This for me, brings up an ongoing debate that I love to dive into – BYOD.
This article – BYOD employees ‘indifferent’ to enterprise security – lays out the case of how BYOD undermines traditional security measures, but if the impact from mobile is currently low, and user error is an ongoing problem, how long will it be before these two paths combine? More importantly, how do we adapt our security stance to deal with the threat of both?
This quote in particular stood out to me:
Interestingly, Aruba found that device sharing is emerging as a popular trend. In total, six out of 10 respondents said they share their work and personal devices with others on a regular basis, but nearly a fifth do not have basic password protection on their smartphones or tablets, and 22 percent stated “they don’t have security measures in place so that they can share more easily.”
If only there were some company you could reach out to, to ensure that using the cloud to share more easily was secure.
In short, while the trend stands that mobile might not be a significant threat today, the future view I think might not be so clear.
On the one hand, the existing PC-focused infrastructure is the preferred method of attack, because it’s established and easier to do, and Phishing has such a high success rate, there’s not much need to do anything else.
BYOD, Cloud, and work from anywhere collaboration isn’t going anywhere though, and as younger and more multi-device connected people join the workforce, I think the threat surface will only see an increase.