Title of Presentation DD/MM/YYYY© 2016 Skycure Inc. 1
HOW HEALTHCARE CISOs CAN SECURE MOBILE DEVICES
Jim Routh, CSO, Aetna
Adi Sharabani, CEO, Skycure
Meet Your Speakers
Jim Routh
CSO
Aetna
Adi Sharabani
Co-founder and CEO
Skycure
Quick Housekeeping
• Q&A panel is available if you have any questions
• There will be time for Q&A at the end
• We are recording this webinar for future viewing
• All attendees will receive a copy of slides/recording
Join the discussion #MobileThreatDefense
Aetna Inc.
The Mobile Device is Our New Appendage
• There are now more cell phones on the planet than there are people
• 90% of 19-29 year-olds in the U.S. sleep with their cell phones
• 65% of survey respondents said mobile phones make them better parents
• 75% of survey respondents bring their phones to the bathroom
• Apple Siri captures everything you say to her for 6 months and aggregates it for 18 months
• Social media apps have the ability to use your phone’s microphone to listen to your dialog
• What is the most commonly used mobile app?
Source: Qualcomm, Slick Text Surveys
The mobile phone is the best surveillance device in history
Mobile Security Landscape
Factors driving changes in mobile security (Security Changes / New Interaction Opportunities):
New Interaction Style
• Frequent and shorter log-ins instead of long online sessions
• Barriers to task completion
• Improved customer experience using native features they are familiar with… information presented in a format using native features
Native Applications
• No browser: the application needs hardening
• Additive controls feasible
Security Sensitivity
• Mobile customers want more security to have confidence in the channel. Customer adoption is slower due to security concerns
App Stores
• Software distribution is a factor in the security profile
• Security vetting varies greatly
• Fraudsters can scan mobile apps for vulnerabilities in app stores more easily
New Capabilities
• Mobile channel offers geo location and enhanced authentication capabilities (voice recognition, image and device attributes)
• Mobile can potentially offer a better customer experience (location of ATMs, identification in a branch, authentication to a CSR, voice commands, etc.)
Proximity with user
• 90% of 18-29 year olds sleep with their phone
• 113 smartphones are lost or stolen every minute
• The theft of cell phones makes up 30-40% of all robberies nationwide
Consolidated Channels
• Email, phone, browser used to be separate channels… now consolidating
Mobile Threats on the Rise
Dimensions of Mobile Application Risk
The mobile ecosystem
1. Application Development
• Threat Models/Security features
• Education & Developer Checklist
• Application “wrapper” options
• Root detection
• Authentication
• Security Test Selection Matrix: static analysis, dynamic scanning, pen testing
2. Software Distribution
• Different stores have different security vetting procedures
• The probability of “application collision” needs to be managed
• Vetting mobile apps used by enterprise users for security and privacy
• Does the app need to be tamper resistant?
3. Device Configuration
• Consumer: code protection, root/malware detection, authentication, channel verification
• Enterprise: mobile device configuration standard (MDM), authentication controls, VPN channel
The fourth dimension: Privacy
Consumer / Enterprise User
Aetna Mobile App Security SDLC
Phases: Requirements, Design, Development, Test, Release
Technical Design Patterns
• Key management
• Encryption (data in transit, data at rest)
• Authentication
• Version updates
Lifecycle activities (ENABLE, VERIFY, DISTRIBUTE; preventive and detective controls): Security Reqs, Risk Classification, Threat Modeling, Design Patterns, Open Source, Static Analysis, Dynamic Scanning, Ethical Hacking, Behavioral Auth SDK, Code Protection, App Signing, Process Guides, Mobile Mavens, Mobile Security Software Training (Role-Based Curriculum)
Threat Modeling / App Risk Assessment
Key questions when threat modeling:
• What are we building?
• What information can be abused?
• Are there flaws in the design?
• How will the customer information captured be handled, and on which platforms?
Benefits of threat modeling:
• Early identification of security defects, at lower cost
• Increased product quality
• Identify and understand security requirements
Static Source Code Analysis
• Performed during the development cycle
• Includes exhaustive review of code quality (e.g. Objective-C, Java or C#), security and privacy issues
• Goal: decrease defects during the development lifecycle, which results in longer-term savings
• Benefits
  • Immediate feedback and learnings for developers
  • Explicit references to areas needing attention
  • Developer oversights
  • Increased product quality
Scan Results
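The following is an added example of the kind of automated check this slide describes; it is not code from the deck, from Aetna or from Skycure. It is a small Python scanner with an illustrative rule set: the rule ids, messages and sample sources are constructed for the example, while the Android and iOS API names the rules look for (ALLOW_ALL_HOSTNAME_VERIFIER, an empty checkServerTrusted, setAllowsAnyHTTPSCertificate:, NSAllowsArbitraryLoads) are real. Each finding carries file and line, which is what "explicit references to areas needing attention" means in practice.

```python
"""Minimal static source code check for mobile app code.

Added example, not code from the Aetna/Skycure deck. It scans source text
for a handful of known insecure patterns and reports file, line and rule so
the developer gets an explicit reference for each finding. The rule set is an
illustrative assumption (a real analyzer has hundreds of rules); the API
names it matches are real Android and iOS ones. Sample sources are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# (rule id, compiled pattern, message). Patterns run over the whole file so a
# rule may span lines; the reported line is where the match starts.
RULES = [
    ("TLS-001", re.compile(r"ALLOW_ALL_HOSTNAME_VERIFIER"),
     "hostname verification disabled: connection can be intercepted"),
    ("TLS-002", re.compile(r"checkServerTrusted\s*\([^)]*\)[^{]*\{\s*\}"),
     "TrustManager with empty checkServerTrusted accepts any certificate"),
    ("TLS-003", re.compile(r"setAllowsAnyHTTPSCertificate\s*:\s*YES"),
     "private API used to accept any HTTPS certificate"),
    ("TLS-004", re.compile(r"<key>NSAllowsArbitraryLoads</key>\s*<true/>"),
     "App Transport Security disabled for all hosts"),
    ("SEC-001", re.compile(r'\b(password|secret|api[_-]?key)\s*=\s*@?"[^"]+"', re.I),
     "credential or key hard-coded in source"),
    ("LOG-001", re.compile(r"Log\.[dviwe]\s*\(.*\b(password|token|ssn)\b", re.I),
     "sensitive value written to the device log"),
]


@dataclass(frozen=True)
class Finding:
    file: str
    line: int
    rule: str
    message: str


def scan_source(name: str, text: str) -> List[Finding]:
    """Run every rule over one file and return findings ordered by line."""
    findings = []
    for rule_id, pattern, message in RULES:
        for match in pattern.finditer(text):
            line = text.count("\n", 0, match.start()) + 1
            findings.append(Finding(name, line, rule_id, message))
    return sorted(findings, key=lambda f: (f.line, f.rule))


def scan_all(sources: Dict[str, str]) -> List[Finding]:
    """Scan a whole code base given as {file name: contents}."""
    result: List[Finding] = []
    for name in sorted(sources):
        result.extend(scan_source(name, sources[name]))
    return result


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule, the view a scan report usually leads with."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed sample code base: an Android login screen, an iOS networking
# helper and its Info.plist, each carrying defects the rules should catch.
SAMPLES = {
    "LoginActivity.java": """// Constructed sample: Android login screen
SSLSocketFactory sf = SSLSocketFactory.getSocketFactory();
sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
TrustManager[] tm = { new X509TrustManager() {
    public void checkServerTrusted(X509Certificate[] c, String a) { }
    public void checkClientTrusted(X509Certificate[] c, String a) { }
    public X509Certificate[] getAcceptedIssuers() { return null; }
} };
String apiKey = "sk_live_CONSTRUCTED_SAMPLE";
Log.d("Login", "token=" + token);
""",
    "NetworkHelper.m": """// Constructed sample: iOS networking helper
[request setAllowsAnyHTTPSCertificate:YES forHost:host];
NSString *password = @"hunter2";
""",
    "Info.plist": """<key>NSAppTransportSecurity</key>
<dict>
  <key>NSAllowsArbitraryLoads</key>
  <true/>
</dict>
""",
}

if __name__ == "__main__":
    for f in scan_all(SAMPLES):
        print(f"{f.file}:{f.line} [{f.rule}] {f.message}")
    print(summarize(scan_all(SAMPLES)))
```

Running the block prints seven findings (four in the Java file, two in the Objective-C file, one in the plist) and a per-rule count. Regex rules of this kind are cheap to run on every commit, which is where the slide's "immediate feedback" comes from; a production analyzer adds data-flow analysis to cut false positives, but the file-and-line reporting contract is the same.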
Next Generation Authentication
• Binary authentication is obsolete
• Behavioral-based model is key
• Innovation applied to the interface
Diagram labels: Authentication Hub; LOA; Advanced Analytics; Risk Score API; Dynamic LOA API; Backend Analytics & Risk Engine; Prevent @ Inception; RT Push + TouchID; iWatch & Sign Out; Wearables + T/Haptic; Spatiotemporal + Real-Time (RT) Authorization; SWIPE + Contextual; SWIPE + TAP; Advanced Contextual; Cognitive & Device Biometrics; FIDO UAF 1.0; FIDO 2.0 When Available; Decentralized Authentication
The mobile device provides an opportunity to improve authentication
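An added example of the idea behind this slide, written for this page and not taken from the deck or from Aetna: instead of a binary pass/fail, each login attempt is scored from contextual signals (known device, device integrity, network reputation, spatiotemporal plausibility), the score sets a level of assurance (LOA), and the LOA picks the interaction, from a plain swipe to a real-time push plus device biometric step-up or a denial. The weights, thresholds, step-up names and login events are illustrative assumptions.

```python
"""Risk-scored, dynamic level-of-assurance (LOA) decision for a mobile login.

Added example, not code from the deck or from Aetna. Weights, thresholds and
the action names are illustrative assumptions; the events are constructed.
"""
from dataclasses import dataclass, field
from math import asin, cos, radians, sin, sqrt
from typing import List, Optional, Set, Tuple


@dataclass
class Attempt:
    user: str
    device_id: str
    ts: float          # seconds since epoch
    lat: float
    lon: float
    jailbroken: bool = False
    bad_ip_reputation: bool = False


@dataclass
class History:
    known_devices: Set[str] = field(default_factory=set)
    last: Optional[Attempt] = None


@dataclass(frozen=True)
class Decision:
    score: int
    loa: int
    action: str
    reasons: Tuple[str, ...]


# Assumed score contributions per signal; the sum is capped at 100.
WEIGHTS = {
    "unknown device": 30,
    "jailbroken or rooted device": 40,
    "poor IP reputation": 25,
    "impossible travel": 50,
}
MAX_PLAUSIBLE_KMH = 900.0   # faster than this between two logins is not travel


def haversine_km(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance between two points in kilometres."""
    d_lat, d_lon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(d_lat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(d_lon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def risk_reasons(attempt: Attempt, history: History) -> List[str]:
    """Collect the contextual signals that raise the risk of this attempt."""
    reasons = []
    if attempt.device_id not in history.known_devices:
        reasons.append("unknown device")
    if attempt.jailbroken:
        reasons.append("jailbroken or rooted device")
    if attempt.bad_ip_reputation:
        reasons.append("poor IP reputation")
    prev = history.last
    if prev is not None and attempt.ts > prev.ts:
        hours = (attempt.ts - prev.ts) / 3600.0
        km = haversine_km(prev.lat, prev.lon, attempt.lat, attempt.lon)
        if km / hours > MAX_PLAUSIBLE_KMH:
            reasons.append("impossible travel")
    return reasons


def decide(attempt: Attempt, history: History) -> Decision:
    """Map the score to an LOA and to the interaction the app should present."""
    reasons = risk_reasons(attempt, history)
    score = min(100, sum(WEIGHTS[r] for r in reasons))
    if score < 20:
        loa, action = 1, "allow: swipe + contextual"
    elif score < 60:
        loa, action = 2, "step-up: real-time push + device biometric"
    else:
        loa, action = 3, "deny: require out-of-band re-enrolment"
    return Decision(score, loa, action, tuple(reasons))


def record(history: History, attempt: Attempt, decision: Decision) -> None:
    """Call after the user completed the required action; denials teach nothing."""
    if decision.loa < 3:
        history.known_devices.add(attempt.device_id)
        history.last = attempt


def demo() -> List[Decision]:
    """Three constructed attempts for a user whose last login was in New York."""
    nyc, london = (40.7128, -74.0060), (51.5074, -0.1278)
    t0 = 1_700_000_000.0
    history = History(known_devices={"phone-A"},
                      last=Attempt("jim", "phone-A", t0, *nyc))
    attempts = [
        Attempt("jim", "phone-A", t0 + 7200, 40.7484, -73.9857),  # same phone, nearby, 2 h later
        Attempt("jim", "phone-A", t0 + 3600, *london),             # same phone, London 1 h later
        Attempt("jim", "phone-Z", t0 + 3600, *london, jailbroken=True),  # unknown jailbroken phone
    ]
    return [decide(a, history) for a in attempts]


if __name__ == "__main__":
    for d in demo():
        print(d.score, d.loa, d.action, d.reasons)
```

The three constructed attempts land on LOA 1 (allow), LOA 2 (step-up, because New York to London in an hour is impossible travel) and LOA 3 (deny, unknown jailbroken device plus impossible travel). The point of the design is that the user only sees the heavier interaction when the context warrants it, which is how a behavioural model can raise assurance without making every login harder.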
Brand Protection – Tamper Resistance
• Reduce ability to perform app store scan for security vulnerabilities
• Increase difficulty for attackers to create malware attacking our applications
• Reduce ability to create clone applications
• Provide brand protection
Brand Protection – App Store Monitoring
The 2 Most Widely Exploited Mobile Vulnerabilities
• Apps for Android: 314,000,000 hits
• TLS is broken: any credentials shared are exposed
Mobile Attack Vectors
Mobile Security Trends in Healthcare (Exclusive Preview)
Source: Skycure Mobile Threat Report
Risk distribution (TREND chart): Minimal Risk 31.78%, Low Risk 24.43%, Medium Risk 41.40%, High Risk 2.39%
Report is available here: goo.gl/DJc5IF
Mobile Threat Landscape: Physical, Network, Vulnerabilities, Malware
Physical Threats: addressed by our partners
Network Threats
Mobile devices connect to x100 more networks
Chart: % of doctors accessing patient data and exposed to network threats
Chart: number of doctors sharing data through…
Man in the Middle: WifiGate, Pineapple, arpspoof, dnsspoof, SSL stripping, SSL decryption, content manipulation
Video: https://www.youtube.com/watch?v=F9qIgSRD5vs
Malware: now affects iOS as well
Diagram labels: Android, Google Play Store; iOS, Apple AppStore, ”Chinese” Stores; XcodeGhost, YiSpecter, Repackaged Apps, Malicious Profiles
Chart: number of Android devices with malicious apps installed
Chart: number of Android devices with at least one medical app and high risk malware
Vulnerabilities: organized & directed effort from hackers
Chart: number of iOS CVEs per year, 2007-2015 (y-axis 0-400), with the trajectory as of Apr '15
Source: Skycure analysis based on CVEdetails.com
Chart: percentage of mobile devices running an OS with high-severity vulnerabilities and stored patient data
Named vulnerabilities: Accessibility Clickjacking, No iOS Zone, Cookie Stealer, HRH, WiFiGate, LinkedOut
Skycure Solution Overview
Mobile Threat Intelligence Platform (Physical, Network, Vulnerabilities, Malware)
Management (Security, Visibility, IT Satisfaction)
• Policy enforcement
• Risk-based management
• Enterprise integrations
• Visibility
End-User App (Seamless experience, Privacy, Minimal footprint)
• 24x7 detection and protection
• Network, device and app analysis
• Multi platform
1 Million+ Global Threats Identified: https://maps.skycure.com
Crowd Wisdom: millions of monthly tests - apps & networks
Skycure Research: No iOS Zone, Malicious Profiles, WiFiGate, LinkedOut
Threat Aggregator: dozens of threat feeds from 3rd parties
Diagram labels: Legitimate Services; Attackers & Threats
Assess Your Mobile Risk
Request a Free Trial: http://skycure.com/trial

More Related Content

What's hot

How to Add Advanced Threat Defense to Your EMM
How to Add Advanced Threat Defense to Your EMMHow to Add Advanced Threat Defense to Your EMM
How to Add Advanced Threat Defense to Your EMMSkycure
 
Five mobile security challenges facing the enterprise
Five mobile security challenges facing the enterpriseFive mobile security challenges facing the enterprise
Five mobile security challenges facing the enterpriseNowSecure
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec
 
Supply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorSupply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorKaspersky
 
Recent ECB/ EBA regulations how they will impact European banks in 2016
Recent ECB/ EBA regulations how they will impact European banks in 2016Recent ECB/ EBA regulations how they will impact European banks in 2016
Recent ECB/ EBA regulations how they will impact European banks in 2016IBM Security
 
Infographic network protection security
Infographic network protection securityInfographic network protection security
Infographic network protection securityIBM Security
 
Case Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicCase Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicIBM Security
 
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7Rapid7
 
Next-level mobile app security: A programmatic approach
Next-level mobile app security: A programmatic approachNext-level mobile app security: A programmatic approach
Next-level mobile app security: A programmatic approachNowSecure
 
Cloud security enforcer - Quick steps to avoid the blind spots of shadow it
Cloud security enforcer - Quick steps to avoid the blind spots of shadow itCloud security enforcer - Quick steps to avoid the blind spots of shadow it
Cloud security enforcer - Quick steps to avoid the blind spots of shadow itIBM Security
 
Mobile Security: Perceptions vs Device-harvested Reality
Mobile Security: Perceptions vs Device-harvested RealityMobile Security: Perceptions vs Device-harvested Reality
Mobile Security: Perceptions vs Device-harvested RealityZimperium
 
Infographic: Mobile is growing and so are security threats
Infographic: Mobile is growing and so are security threatsInfographic: Mobile is growing and so are security threats
Infographic: Mobile is growing and so are security threatsIBM Security
 
Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...IBM Security
 
Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere Cisco Canada
 
Kaspersky Lab new Enterprise Portfolio
Kaspersky Lab new Enterprise PortfolioKaspersky Lab new Enterprise Portfolio
Kaspersky Lab new Enterprise PortfolioKaspersky
 
Kaspersky Lab's Corporate Presentation - our Values, Business, Solutions
Kaspersky Lab's Corporate Presentation - our Values, Business, SolutionsKaspersky Lab's Corporate Presentation - our Values, Business, Solutions
Kaspersky Lab's Corporate Presentation - our Values, Business, SolutionsKaspersky
 
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...IBM Security
 
Infographic: 5 Tips for Cloud Success
Infographic: 5 Tips for Cloud SuccessInfographic: 5 Tips for Cloud Success
Infographic: 5 Tips for Cloud SuccessIBM Security
 
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)Enterprise Management Associates
 
SC Magazine & ForeScout Survey Results
SC Magazine & ForeScout Survey ResultsSC Magazine & ForeScout Survey Results
SC Magazine & ForeScout Survey ResultsForeScout Technologies
 

What's hot (20)

How to Add Advanced Threat Defense to Your EMM
How to Add Advanced Threat Defense to Your EMMHow to Add Advanced Threat Defense to Your EMM
How to Add Advanced Threat Defense to Your EMM
 
Five mobile security challenges facing the enterprise
Five mobile security challenges facing the enterpriseFive mobile security challenges facing the enterprise
Five mobile security challenges facing the enterprise
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security Webinar
 
Supply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorSupply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy Sector
 
Recent ECB/ EBA regulations how they will impact European banks in 2016
Recent ECB/ EBA regulations how they will impact European banks in 2016Recent ECB/ EBA regulations how they will impact European banks in 2016
Recent ECB/ EBA regulations how they will impact European banks in 2016
 
Infographic network protection security
Infographic network protection securityInfographic network protection security
Infographic network protection security
 
Case Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicCase Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographic
 
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
 
Next-level mobile app security: A programmatic approach
Next-level mobile app security: A programmatic approachNext-level mobile app security: A programmatic approach
Next-level mobile app security: A programmatic approach
 
Cloud security enforcer - Quick steps to avoid the blind spots of shadow it
Cloud security enforcer - Quick steps to avoid the blind spots of shadow itCloud security enforcer - Quick steps to avoid the blind spots of shadow it
Cloud security enforcer - Quick steps to avoid the blind spots of shadow it
 
Mobile Security: Perceptions vs Device-harvested Reality
Mobile Security: Perceptions vs Device-harvested RealityMobile Security: Perceptions vs Device-harvested Reality
Mobile Security: Perceptions vs Device-harvested Reality
 
Infographic: Mobile is growing and so are security threats
Infographic: Mobile is growing and so are security threatsInfographic: Mobile is growing and so are security threats
Infographic: Mobile is growing and so are security threats
 
Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...
 
Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere
 
Kaspersky Lab new Enterprise Portfolio
Kaspersky Lab new Enterprise PortfolioKaspersky Lab new Enterprise Portfolio
Kaspersky Lab new Enterprise Portfolio
 
Kaspersky Lab's Corporate Presentation - our Values, Business, Solutions
Kaspersky Lab's Corporate Presentation - our Values, Business, SolutionsKaspersky Lab's Corporate Presentation - our Values, Business, Solutions
Kaspersky Lab's Corporate Presentation - our Values, Business, Solutions
 
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
 
Infographic: 5 Tips for Cloud Success
Infographic: 5 Tips for Cloud SuccessInfographic: 5 Tips for Cloud Success
Infographic: 5 Tips for Cloud Success
 
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
 
SC Magazine & ForeScout Survey Results
SC Magazine & ForeScout Survey ResultsSC Magazine & ForeScout Survey Results
SC Magazine & ForeScout Survey Results
 

Similar to How Healthcare CISOs Can Secure Mobile Devices

Unified application security analyser
Unified application security analyserUnified application security analyser
Unified application security analyserTim Youm
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityCygnet Infotech
 
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
Why	You’ll Care More About Mobile Security in 2020 - Tom BainWhy	You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom BainEC-Council
 
Why You'll Care More About Mobile Security in 2020
Why You'll Care More About Mobile Security in 2020Why You'll Care More About Mobile Security in 2020
Why You'll Care More About Mobile Security in 2020tmbainjr131
 
Boosting IoT Protection: An Enterprise Risk Imperative
Boosting IoT Protection: An Enterprise Risk ImperativeBoosting IoT Protection: An Enterprise Risk Imperative
Boosting IoT Protection: An Enterprise Risk ImperativeNational Retail Federation
 
Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability Skycure
 
WEEK5 Mobile Device Security 31032022.pdf
WEEK5 Mobile Device Security 31032022.pdfWEEK5 Mobile Device Security 31032022.pdf
WEEK5 Mobile Device Security 31032022.pdfSetiya Nugroho
 
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...IJCSIS Research Publications
 
Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security
Mojave Networks Webinar: A Three-Pronged Approach to Mobile SecurityMojave Networks Webinar: A Three-Pronged Approach to Mobile Security
Mojave Networks Webinar: A Three-Pronged Approach to Mobile SecurityMojave Networks
 
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptxEmphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptxlior mazor
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSantiago Cavanna
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comMobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comIdexcel Technologies
 
Transforming Risky Mobile Apps into Self Defending Apps
Transforming Risky Mobile Apps into Self Defending AppsTransforming Risky Mobile Apps into Self Defending Apps
Transforming Risky Mobile Apps into Self Defending AppsBlueboxer2014
 
Unicom Conference - Mobile Application Security
Unicom Conference - Mobile Application SecurityUnicom Conference - Mobile Application Security
Unicom Conference - Mobile Application SecuritySubho Halder
 
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksMobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksIBM Security
 
Research Article On Web Application Security
Research Article On Web Application SecurityResearch Article On Web Application Security
Research Article On Web Application SecuritySaadSaif6
 
Mobile Application Security by Design
Mobile Application Security by DesignMobile Application Security by Design
Mobile Application Security by DesignDMI
 
[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT SuccessElectric Imp
 
Embracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifyEmbracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifySumana Mehta
 

Similar to How Healthcare CISOs Can Secure Mobile Devices (20)

Unified application security analyser
Unified application security analyserUnified application security analyser
Unified application security analyser
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App Security
 
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
Why	You’ll Care More About Mobile Security in 2020 - Tom BainWhy	You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
 
Why You'll Care More About Mobile Security in 2020
Why You'll Care More About Mobile Security in 2020Why You'll Care More About Mobile Security in 2020
Why You'll Care More About Mobile Security in 2020
 
Mobile Apps Security Testing -1
Mobile Apps Security Testing -1Mobile Apps Security Testing -1
Mobile Apps Security Testing -1
 
Boosting IoT Protection: An Enterprise Risk Imperative
Boosting IoT Protection: An Enterprise Risk ImperativeBoosting IoT Protection: An Enterprise Risk Imperative
Boosting IoT Protection: An Enterprise Risk Imperative
 
Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability
 
WEEK5 Mobile Device Security 31032022.pdf
WEEK5 Mobile Device Security 31032022.pdfWEEK5 Mobile Device Security 31032022.pdf
WEEK5 Mobile Device Security 31032022.pdf
 
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...
F-LOCKER: An Android Face Recognition Applocker Using Local Binary Pattern Hi...
 
Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security
Mojave Networks Webinar: A Three-Pronged Approach to Mobile SecurityMojave Networks Webinar: A Three-Pronged Approach to Mobile Security
Mojave Networks Webinar: A Three-Pronged Approach to Mobile Security
 
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptxEmphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comMobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
 
Transforming Risky Mobile Apps into Self Defending Apps
Transforming Risky Mobile Apps into Self Defending AppsTransforming Risky Mobile Apps into Self Defending Apps
Transforming Risky Mobile Apps into Self Defending Apps
 
Unicom Conference - Mobile Application Security
Unicom Conference - Mobile Application SecurityUnicom Conference - Mobile Application Security
Unicom Conference - Mobile Application Security
 
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksMobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging Risks
 
Research Article On Web Application Security
Research Article On Web Application SecurityResearch Article On Web Application Security
Research Article On Web Application Security
 
Mobile Application Security by Design
Mobile Application Security by DesignMobile Application Security by Design
Mobile Application Security by Design
 
[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success
 
Embracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifyEmbracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and Centrify
 

Recently uploaded

哪里有卖的《俄亥俄大学学历证书+俄亥俄大学文凭证书+俄亥俄大学学位证书》Q微信741003700《俄亥俄大学学位证书复制》办理俄亥俄大学毕业证成绩单|购买...
哪里有卖的《俄亥俄大学学历证书+俄亥俄大学文凭证书+俄亥俄大学学位证书》Q微信741003700《俄亥俄大学学位证书复制》办理俄亥俄大学毕业证成绩单|购买...哪里有卖的《俄亥俄大学学历证书+俄亥俄大学文凭证书+俄亥俄大学学位证书》Q微信741003700《俄亥俄大学学位证书复制》办理俄亥俄大学毕业证成绩单|购买...
哪里有卖的《俄亥俄大学学历证书+俄亥俄大学文凭证书+俄亥俄大学学位证书》Q微信741003700《俄亥俄大学学位证书复制》办理俄亥俄大学毕业证成绩单|购买...wyqazy
 
Model Call Girl in Shalimar Bagh Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Shalimar Bagh Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Shalimar Bagh Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Shalimar Bagh Delhi reach out to us at 🔝8264348440🔝soniya singh
 
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual serviceanilsa9823
 
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun serviceCALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun serviceanilsa9823
 
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,Pooja Nehwal
 
Chandigarh Call Girls Service ❤️🍑 9115573837 👄🫦Independent Escort Service Cha...
Chandigarh Call Girls Service ❤️🍑 9115573837 👄🫦Independent Escort Service Cha...Chandigarh Call Girls Service ❤️🍑 9115573837 👄🫦Independent Escort Service Cha...
Chandigarh Call Girls Service ❤️🍑 9115573837 👄🫦Independent Escort Service Cha...Niamh verma
 
9892124323 | Book Call Girls in Juhu and escort services 24x7
9892124323 | Book Call Girls in Juhu and escort services 24x79892124323 | Book Call Girls in Juhu and escort services 24x7
9892124323 | Book Call Girls in Juhu and escort services 24x7Pooja Nehwal
 

Recently uploaded (7)

哪里有卖的《俄亥俄大学学历证书+俄亥俄大学文凭证书+俄亥俄大学学位证书》Q微信741003700《俄亥俄大学学位证书复制》办理俄亥俄大学毕业证成绩单|购买...
哪里有卖的《俄亥俄大学学历证书+俄亥俄大学文凭证书+俄亥俄大学学位证书》Q微信741003700《俄亥俄大学学位证书复制》办理俄亥俄大学毕业证成绩单|购买...哪里有卖的《俄亥俄大学学历证书+俄亥俄大学文凭证书+俄亥俄大学学位证书》Q微信741003700《俄亥俄大学学位证书复制》办理俄亥俄大学毕业证成绩单|购买...
哪里有卖的《俄亥俄大学学历证书+俄亥俄大学文凭证书+俄亥俄大学学位证书》Q微信741003700《俄亥俄大学学位证书复制》办理俄亥俄大学毕业证成绩单|购买...
 
Model Call Girl in Shalimar Bagh Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Shalimar Bagh Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Shalimar Bagh Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Shalimar Bagh Delhi reach out to us at 🔝8264348440🔝
 
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
 
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun serviceCALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
 
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
 
Chandigarh Call Girls Service ❤️🍑 9115573837 👄🫦Independent Escort Service Cha...
Chandigarh Call Girls Service ❤️🍑 9115573837 👄🫦Independent Escort Service Cha...Chandigarh Call Girls Service ❤️🍑 9115573837 👄🫦Independent Escort Service Cha...
Chandigarh Call Girls Service ❤️🍑 9115573837 👄🫦Independent Escort Service Cha...
 
9892124323 | Book Call Girls in Juhu and escort services 24x7
9892124323 | Book Call Girls in Juhu and escort services 24x79892124323 | Book Call Girls in Juhu and escort services 24x7
9892124323 | Book Call Girls in Juhu and escort services 24x7
 

How Healthcare CISOs Can Secure Mobile Devices

  • 1. © 2016 Skycure Inc. How Healthcare CISOs Can Secure Mobile Devices. Jim Routh, CSO, Aetna; Adi Sharabani, CEO, Skycure
  • 2. Meet Your Speakers: Jim Routh, CSO, Aetna; Adi Sharabani, Co-founder and CEO, Skycure
  • 3. Quick Housekeeping
    • Q&A panel is available if you have any questions
    • There will be time for Q&A at the end
    • We are recording this webinar for future viewing
    • All attendees will receive a copy of slides/recording
    Join the discussion #MobileThreatDefense
  • 4. Aetna Inc. The Mobile Device is Our New Appendage
    • There are now more cell phones on the planet than there are people
    • 90% of 19-29 year-olds in the U.S. sleep with their cell phones
    • 65% of survey respondents said mobile phones make them better parents
    • 75% of survey respondents bring their phones to the bathroom
    • Apple Siri captures everything you say to her for 6 months and aggregates it for 18 months
    • Social media apps have the ability to use your phone’s microphone to listen to your dialog
    • What is the most commonly used mobile app?
    Source: Qualcomm, Slick Text Surveys
    The mobile phone is the best surveillance device in history
  • 5. Aetna Inc. Mobile Security Landscape: factors driving changes in mobile security (security changes and new interaction opportunities)
    • Frequent and shorter log-ins instead of long on-line sessions
    • Barriers to task completion
    • Improved customer experience using native features they are familiar with; information presented in a format using native features
    • No browser: the application needs hardening
    • Additive controls feasible
    • Mobile customers want more security to have confidence in the channel. Customer adoption is slower due to security concerns
    • Software distribution is a factor in the security profile
    • Security vetting varies greatly
    • Fraudsters can scan mobile apps for vulnerabilities in app stores more easily
    • Mobile channel offers geo-location and enhanced authentication capabilities (voice recognition, image and device attributes)
    • Mobile can potentially offer a better customer experience (location of ATMs, identification in a branch, authentication to a CSR, voice commands, etc.)
    • 90% of 18-29 year olds sleep with their phone
    • 113 smartphones are lost or stolen every minute
    • The theft of cell phones makes up 30-40% of all robberies nationwide
    • Email, phone and browser used to be separate channels; they are now consolidating
    Slide categories: Consolidated Channels, New Capabilities, App Stores, New Interaction Style, Native Applications, Security Sensitivity, Proximity with user
  • 7. Aetna Inc. Dimensions of Mobile Application Risk (the mobile ecosystem); the fourth dimension is Privacy
    1. Application Development
      • Threat models / security features
      • Education & developer checklist
      • Application “wrapper” options
      • Root detection
      • Authentication
      • Security Test Selection Matrix: static analysis, dynamic scanning, pen testing
    2. Software Distribution
      • Different stores have different security vetting procedures
      • The probability of “application collision” needs to be managed
      • Vetting mobile apps used by enterprise users for security and privacy
      • Does the app need to be tamper resistant?
    3. Device Configuration
      • Consumer user: code protection, root/malware detection, authentication, channel verification
      • Enterprise user: mobile device configuration standard (MDM), authentication controls, VPN channel
  • 8. Aetna Inc. Aetna Mobile App Security SDLC (phases: Requirements, Design, Development, Test, Release; control types: Preventive, Detective; stages: Enable, Verify, Distribute)
    • Requirements: Security Reqs, Threat Modeling
    • Design: Technical Design Patterns (key management; encryption of data in transit and data at rest; authentication; version updates)
    • Development: Static Analysis, Open Source Risk Classification, Behavioral Auth SDK, Code Protection
    • Test: Dynamic Scanning, Ethical Hacking
    • Release: App Signing, Process Guides
    • People and training: Mobile Mavens, Mobile Security Software Training (role-based curriculum)
  • 9. Aetna Inc. Threat Modeling / App Risk Assessment
    Key questions when threat modeling:
    • What are we building?
    • What information can be abused?
    • Are there flaws in the design?
    • How will the customer information captured be handled, and on which platforms?
    Benefits of threat modeling:
    • Early identification of security defects, at lower cost
    • Increased product quality
    • Identify and understand security requirements
  • 10. Aetna Inc. Static Source Code Analysis
    • Performed during the development cycle
    • Includes an exhaustive review of code quality (e.g. Objective-C, Java or C#), security and privacy issues
    • Goal: decrease defects during the development lifecycle, which results in longer-term savings
    • Benefits: immediate feedback and learnings for developers; explicit references to areas needing attention; catching developer oversights; increased product quality
    [Screenshot: scan results]
  • 11. Aetna Inc. Next Generation Authentication
    • Binary authentication is obsolete
    • A behavioral-based model is key
    • Innovation applied to the interface
    Architecture labels: Authentication Hub, LOA (level of assurance), Advanced Analytics, Risk Score API, Dynamic LOA API, Backend Analytics & Risk Engine, Prevent @ Inception
    Roadmap labels: RT Push + TouchID; iWatch & Sign Out; Wearables + T/Haptic; Spatiotemporal + Real-Time (RT) Authorization; SWIPE + Contextual; SWIPE + TAP; Advanced Contextual; Cognitive & Device Biometrics; FIDO UAF 1.0; FIDO 2.0 when available; Decentralized Authentication
    The mobile device provides an opportunity to improve authentication
  • 12. Aetna Inc. Brand Protection – Tamper Resistance
    • Reduce the ability to perform app store scans for security vulnerabilities
    • Increase the difficulty for attackers to create malware attacking our applications
    • Reduce the ability to create clone applications
    • Provide brand protection
  • 13. Aetna Inc. Brand Protection – App Store Monitoring
  • 14. Aetna Inc. The 2 Most Widely Exploited Mobile Vulnerabilities (screenshot residue: “Apps for Android”, 314,000,000 hits)
    • TLS is broken
    • Any credentials shared are exposed
  • 15. Skycure: Mobile Attack Vectors
  • 16. Skycure: Mobile Security Trends in Healthcare (exclusive preview). Source: Skycure Mobile Threat Report. Risk distribution: High Risk 2.39%, Medium Risk 41.40%, Low Risk 24.43%, Minimal Risk 31.78%. Report is available here: goo.gl/DJc5IF
  • 17. Skycure: Mobile Threat Landscape. Four categories: Physical, Network, Vulnerabilities, Malware
  • 18. Skycure: Physical threats are addressed by our partners
  • 19. Skycure: Network Threats. Mobile devices connect to x100 more networks. [Charts: % of doctors accessing patient data and exposed to network threats; number of doctors sharing data through…]
    Man in the Middle techniques named: WiFiGate, Pineapple, arpspoof, dnsspoof, SSL stripping, SSL decryption, content manipulation
    Demo video: https://www.youtube.com/watch?v=F9qIgSRD5vs
  • 20. Skycure: Malware now affects iOS as well
    • Android: Google Play Store, “Chinese” stores, repackaged apps
    • iOS: Apple App Store, XcodeGhost, YiSpecter, malicious profiles
    [Charts: number of Android devices with malicious apps installed; number of Android devices with at least one medical app and high-risk malware]
  • 21. Skycure: Vulnerabilities, an organized and directed effort from hackers
    [Chart: number of iOS CVEs per year, 2007–2015, with the trajectory as of Apr ’15. Source: Skycure analysis based on CVEdetails.com]
    [Chart: percentage of mobile devices running an OS with high-severity vulnerabilities and stored patient data]
    Skycure-disclosed vulnerabilities named: Accessibility Clickjacking, No iOS Zone, Cookie Stealer, HRH, WiFiGate, LinkedOut
  • 22. Skycure Solution Overview: Mobile Threat Intelligence Platform covering Physical, Network, Vulnerabilities and Malware
    • Management: policy enforcement, risk-based management, enterprise integrations, visibility (security, visibility, IT satisfaction)
    • End-User App: 24x7 detection and protection; network, device and app analysis; multi-platform; seamless experience; privacy; minimal footprint
    • Threat intelligence: 1 million+ global threats identified (https://maps.skycure.com); Crowd Wisdom from millions of monthly tests of apps and networks; Skycure Research (No iOS Zone, Malicious Profiles, WiFiGate, LinkedOut); Threat Aggregator with dozens of third-party threat feeds; distinguishing legitimate services from attackers and threats
  • 23. Assess Your Mobile Risk. Request a Free Trial: http://skycure.com/trial
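Slide 10 describes static source code analysis of Objective-C, Java and C# app code, and slide 14 names broken TLS (credentials exposed to anyone on the path) as one of the two most exploited mobile weaknesses. The block below is an added example, not code from the deck, Aetna or Skycure: a small rule-based static check in Python that flags source patterns which disable TLS certificate or hostname validation, or send traffic in cleartext. The rule set and the `Finding`/`scan_source` names are assumptions for this page; the API identifiers the rules match (`X509TrustManager.checkServerTrusted`, `HostnameVerifier`, `ALLOW_ALL_HOSTNAME_VERIFIER`, `android:usesCleartextTraffic`, `NSAllowsArbitraryLoads`) are real Android and iOS identifiers. The sample files are constructed inline so the scan runs offline.

```python
# Added example: rule-based static check for TLS-validation weaknesses in mobile
# source. Rule set and helper names are assumptions for this page, not Aetna's or
# Skycure's tooling; the API names matched are real Android/iOS identifiers.
import re
from dataclasses import dataclass
from pathlib import PurePosixPath
from typing import Dict, List, Tuple

@dataclass
class Finding:
    path: str
    line: int        # 1-based line where the match starts
    message: str
    evidence: str    # matched text with whitespace collapsed

CLEARTEXT = (r"\bhttp://", "cleartext http:// URL; anything sent over it is exposed")

# File kind -> [(regex, message)]. Patterns run against the whole file so that
# multi-line constructs such as an empty method body are still caught.
RULES: Dict[str, List[Tuple[str, str]]] = {
    "java": [
        (r"checkServerTrusted\s*\([^)]*\)[^{]*\{\s*\}",
         "empty X509TrustManager.checkServerTrusted accepts any server certificate"),
        (r"set(?:Default)?HostnameVerifier\s*\(\s*\([^)]*\)\s*->\s*true",
         "HostnameVerifier lambda always returns true"),
        (r"ALLOW_ALL_HOSTNAME_VERIFIER", "Apache HttpClient hostname verification disabled"),
        CLEARTEXT,
    ],
    "manifest": [(r'android:usesCleartextTraffic\s*=\s*"true"',
                  "AndroidManifest permits cleartext traffic")],
    "plist": [(r"<key>NSAllowsArbitraryLoads</key>\s*<true\s*/>",
               "App Transport Security disabled for all hosts")],
}

def kind_of(path: str) -> str:
    """Map a path to a rule set; empty string means no rules apply."""
    p = PurePosixPath(path)
    if p.name == "AndroidManifest.xml":
        return "manifest"
    return {".java": "java", ".kt": "java", ".plist": "plist"}.get(p.suffix, "")

def scan_source(path: str, text: str) -> List[Finding]:
    """Return findings for one file, ordered by line number."""
    findings = []
    for pattern, message in RULES.get(kind_of(path), []):
        for m in re.finditer(pattern, text):
            line = text.count("\n", 0, m.start()) + 1
            findings.append(Finding(path, line, message, " ".join(m.group(0).split())))
    return sorted(findings, key=lambda f: f.line)

# Constructed sample inputs (not real project files): two weak, one clean.
SAMPLES = {
    "app/src/main/java/com/example/LoginClient.java": """\
import javax.net.ssl.*;
import java.security.cert.X509Certificate;

public class LoginClient {
    TrustManager[] trustAll = new TrustManager[] {
        new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] chain, String authType) {}
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        }
    };
    void configure() {
        HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true);
        String loginUrl = "http://api.example.test/v1/login";
    }
}
""",
    "ios/Info.plist": """\
<plist version="1.0">
<dict>
    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
    </dict>
</dict>
</plist>
""",
    "clean/LoginClient.java": """\
public class LoginClient {
    // Platform default trust store and hostname verification: nothing to flag.
    void configure() throws Exception {
        java.net.URL loginUrl = new java.net.URL("https://api.example.test/v1/login");
        javax.net.ssl.HttpsURLConnection conn = (javax.net.ssl.HttpsURLConnection) loginUrl.openConnection();
        conn.connect();
    }
}
""",
}

def scan_samples() -> Dict[str, List[Finding]]:
    """Scan every constructed sample and return findings keyed by path."""
    return {path: scan_source(path, text) for path, text in SAMPLES.items()}

if __name__ == "__main__":
    for path, findings in scan_samples().items():
        print(f"{path}: {len(findings)} finding(s)")
        for f in findings:
            print(f"  line {f.line}: {f.message}  [{f.evidence}]")
```

Regex rules of this kind are a first pass, not a substitute for the compiler-aware static analysis the slide refers to: the `http://` rule will also fire on URLs in comments, and an anonymous `HostnameVerifier` class that returns `true` from a multi-line `verify` body needs an AST-level check. The value is in running the check on every commit so that a trust-all manager or an ATS exception is caught before the build reaches the app store, where slide 5 notes fraudsters can scan it for exactly this flaw.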