When preparing my presentation I read a lot of materials to see what this BYOD thing was, and this is what I got.
Let's start by analyzing the terms and trying to find out what exactly we mean and what the problem is. To start with, you don't want me to bring my devices to the office? Or to use them in the company's network? Or to use them at all? And what devices are we talking about? Is just the device the problem? Is it OK to use the corporate phone and then use Facebook? I know that this is a bit vague, but so is the problem. Let's get to business.
What are we afraid will happen when we bring our own devices? Problem 1: you bring some device and everybody gets infected
This is a very likely scenario, remember Conficker? However, what devices are involved here? Nothing new here. Is all this new fancy buzzword BYOD really so fashionable these days just because people are bringing laptops and USBs to work? Yes, there are some concerns: USBs and other devices have an OS, how to update them? Who is responsible? We have been providing solutions for these for years! Antivirus, policies, IDS, IPS, all this has been around for years!
Basically to someone getting into our organization and stealing our secrets, to our data. If we bring a worm into our organization, like Conficker, we may bring it down for a few hours: this is very bad. If we bring a backdoor and they get our secrets: we may lose our research, strategies, products, public image … we can lose everything.
Coca-Cola Co. infiltrated in 2009 by hackers seeking docs on a pending acquisition; deal falls apart three days later
Smartphones and tablets
Sure they are! Don't want to scare with typical mobile stuff, just some simple examples. We are not yet in the big spread (although last year we saw some examples thanks to Google). Elaborate a bit on the topic of mobile malware, cases last year on Google Play, etc. Devices may be the bridge for these attacks, but unlikely to be the main door to them. Spear phishing is still the main method used. So again, why do we worry about them?
Would you carry a tracking device? Smartphones are the new gold mine for spies & attackers: tracking, conversations, camera, microphone, email, contacts, GPS, etc.
Big data-gatherers and small spies. What do you think all 0day researchers are trying to exploit?
Tell the FinSpy story.
What security measures do you have in your mobile? How easy is it to get it while you have a coffee and install whatever so I get control of the device?
Sysadmins now have devices in their networks that are difficult for them to control. And all the CEOs are around worrying about how people can now steal everything because they bring their smartphones
Is that a new thing? Is that because of the mobile thing? Bradley Manning did the biggest data leak known to date with a Lady Gaga CD in his hands
I have some really boring figures for you!
Evolution of social engineering lately – on the rise, as well as remote hacks of all kinds, no more stolen laptops
Two points of interest where social engineering and/or installation of malware on targets may have led to compromise of the victim's network
One year ago I was talking about the consumerization of mobile devices, how using personal and work life together brings trouble. Comment about information gathering and Facebook reverse lookup for mobile numbers, even for private numbers – feature deactivated today.
The problem here is not the device, but how we use new technologies and tools, how we change our lives, and how we can inadvertently put our employee in danger. And as such, attackers try all kinds of tricks to get their way to what they look after. Mobile is not the real problem here, just another tool they can use
Mr. Barksdale shows how people are people, leaks exist. The same on an enterprise level: do we know who else Google provides access to our data?
Information divided into levels; access depends on a risk score, which depends on who, where and how
The enemy in your pocket: Securing smartphones in the enterprise
Vicente Diaz, Senior Security Analyst, GReAT
Gartner Symposium/ITxpo 2012, Barcelona
BYOD will come regardless of whether you have a policy or not
Human behavior has shifted, BYOD is a response to that
My CEO heard we can save money through BYOD
Abusing Consumerization - Mobile devices
Are they dangerous? It depends on what you do with it! Facebook, Twitter, Gmail, corporate e-mail, reading corporate documents, writing confidential e-mails?
Reality for most companies is different
Conclusions
BYOD: Myth vs Reality
Policies are necessary, but they are not enough
Is the problem in the device or in educating users?
Who is responsible for the security of the device?
We all love chocolates!
Thank You. Questions?
Vicente Diaz, Senior Security Researcher, Global Research and Analysis Team
@trompi firstname.lastname@example.org