NowSecure, profile picture
Uploaded byNowSecure
PDF, PPTX841 views

It's not about you: Mobile security in 2016

The document discusses the challenges of mobile security in 2016, highlighting issues such as the inadequacy of traditional security defenses, the risks posed by dual-use devices, and the prevalence of leaky apps. It emphasizes the fragmented nature of the mobile ecosystem, where multiple vendors contribute to security without accountability. The document suggests necessary actions, including vetting apps and ensuring installations are on secure endpoints, to mitigate mobile security risks.

Embed presentation

Download as PDF, PPTX
IT’S NOT ABOUT YOU Mobile security in 2016
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Connect with us Follow us on Twitter @NowSecureMobile — Subscribe to #MobSec5 our weekly mobile security news digest http://mobsec5.nowsecure.com/ — Visit our website https://www.nowsecure.com
Sam Bakken Content Marketing Manager @skbakken ● 7+ years marketing cybersecurity solutions ● Managing Editor, 2014 & 2015 Trustwave Global Security Report Email: sbakken@nowsecure.com © Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Contents ● It ain’t about you ● Pressing issues ● Leaky / risky apps ● Mobile fragmentation ● What do you need to do? ● Questions
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.
Typical security defenses fail in mobile settings because they protect boundaries rather than the information itself, and mobile users do not respect traditional boundaries. Gartner: https://www.gartner.com/doc/3158326
You’ve lost control of the perimeter.
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute. Pressing issues ● Dual-use devices (bring-your-own-device) ● Lack of administrative access and visibility ● Malware vs. legitimate leaky/risky apps ● Complex ecosystem of vendors ○ Fragmentation ○ Updates are slow, if they come at all In mobile security Malware Legitimate apps that leak sensitive data
Cybersecurity and Cyberwar: What Everyone Needs to Know [The] market is fragmented, with multiple makers… each with a role in security but often lacking any sense of responsibility for it. “ ”
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute. Announcements from Google last week 65billion 600 Apps downloaded from the Google Play store in the past year Android smartphone models launched in the past year
© Copyright 2015 NowSecure, Inc. All Rights Reserved. Proprietary information. The more popular an app (determined by downloads), the more likely it is to include a security flaw 1M-5M Downloads 5M-10M Downloads 37 % 46 % 50 % 100K-500K Downloads View the full report
We kill people based on metadata. General Michael Hayden, former director of the NSA and CIA
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute. The value of even seemingly trivial data PNAS Evaluating the privacy properties of telephone metadata
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute. Android fragmentation as of August 2015 Android Fragmentation Visualized (August 2015) 24,093 DISTINCT DEVICES
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute. Distribution of Android versions from NowSecure dataset
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute. Prevalence of iOS versions from NowSecure Dataset
So what can you do about it?
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Where does mobile risk originate?
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. A simple formula for mobile security Vet apps to ensure they don’t exceed your risk threshold + Make sure apps are installed on healthy endpoints Secure apps on healthy endpoints Learn more about mobile endpoint security
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute. Data you need to reduce uncertainty and increase visibility What do you know, and what do you not know 1 2 3 4 5 6 What devices do employees use? What OSs run on those devices? What vulnerabilities exist within those OSs? What apps do employees install on their devices? How risky or leaky are those apps? What destinations does your data travel to and is it encrypted?
Let’s talk sbakken@nowsecure.com +1 312.878.1100 @skbakken Keep tabs on the state of mobile security. Subscribe to #MobSec5 - a collection of the week’s mobile news that matters. Subscribe to #MobSec5 now

More Related Content

PDF
How to scale mobile application security testing
byNowSecure
 
PDF
How to make Android apps secure: dos and don’ts
byNowSecure
 
PDF
Shifting left: Continuous testing for better app quality and security
byNowSecure
 
PDF
Preparing for the inevitable: The mobile incident response playbook
byNowSecure
 
PDF
The fundamentals of Android and iOS app security
byNowSecure
 
PDF
Five mobile security challenges facing the enterprise
byNowSecure
 
PDF
Mobile Penetration Testing: Episode II - Attack of the Code
byNowSecure
 
PDF
Mobile Penetration Testing: Episode III - Attack of the Code
byNowSecure
 
How to scale mobile application security testing
byNowSecure
 
How to make Android apps secure: dos and don’ts
byNowSecure
 
Shifting left: Continuous testing for better app quality and security
byNowSecure
 
Preparing for the inevitable: The mobile incident response playbook
byNowSecure
 
The fundamentals of Android and iOS app security
byNowSecure
 
Five mobile security challenges facing the enterprise
byNowSecure
 
Mobile Penetration Testing: Episode II - Attack of the Code
byNowSecure
 
Mobile Penetration Testing: Episode III - Attack of the Code
byNowSecure
 

What's hot

PDF
Mobile Penetration Testing: Episode 1 - The Forensic Menace
byNowSecure
 
PDF
How Android and iOS Security Enhancements Complicate Threat Detection
byNowSecure
 
PDF
85% of App Store Apps Fail OWASP Mobile Top 10: Are you exposed?
byNowSecure
 
PDF
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
byviaForensics
 
PDF
Via forensics thotcon-2013-mobile-security-with-santoku-linux
byviaForensics
 
PDF
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
byNowSecure
 
PDF
Cybersecurity Fundamentals for Bar Associations
byNowSecure
 
PDF
Webinar: Is your web security broken? - 10 things you need to know
byCyren, Inc
 
PDF
Webinar: IT security at SMBs: 2016 benchmarking survey
byCyren, Inc
 
PDF
Webinar: Insights from Cyren's 2016 cyberthreat report
byCyren, Inc
 
PDF
Mobile App Crashworthiness - Securing Vehicle-to-Device (V2D) Interfaces and ...
byNowSecure
 
PDF
Webinar: A deep dive on ransomware
byCyren, Inc
 
PDF
Webinar: Stopping evasive malware - how a cloud sandbox array works
byCyren, Inc
 
PDF
Webinar: Why evasive zero day attacks are killing traditional sandboxing
byCyren, Inc
 
PDF
How To [relatively] Secure your Web Applications
byAmmar WK
 
PDF
Webinar: A deep dive on phishing, today's #1 business threat
byCyren, Inc
 
PPTX
Add Security Testing Tools to Your Delivery Pipeline
byGene Gotimer
 
PPTX
Using Deception to Detect and Profile Hidden Threats
bySatnam Singh
 
PPTX
The Threat Landscape in the Era of Directed Attacks - Webinar
byKaspersky
 
PDF
Deception in Cyber Security (League of Women in Cyber Security)
byPhillip Maddux
 
Mobile Penetration Testing: Episode 1 - The Forensic Menace
byNowSecure
 
How Android and iOS Security Enhancements Complicate Threat Detection
byNowSecure
 
85% of App Store Apps Fail OWASP Mobile Top 10: Are you exposed?
byNowSecure
 
Mobile analysis-kung-fu-santoku-style-viaforensics-rsa-conference-2014
byviaForensics
 
Via forensics thotcon-2013-mobile-security-with-santoku-linux
byviaForensics
 
Top OSS for Mobile AppSec Testing: The Latest on R2 and FRIDA
byNowSecure
 
Cybersecurity Fundamentals for Bar Associations
byNowSecure
 
Webinar: Is your web security broken? - 10 things you need to know
byCyren, Inc
 
Webinar: IT security at SMBs: 2016 benchmarking survey
byCyren, Inc
 
Webinar: Insights from Cyren's 2016 cyberthreat report
byCyren, Inc
 
Mobile App Crashworthiness - Securing Vehicle-to-Device (V2D) Interfaces and ...
byNowSecure
 
Webinar: A deep dive on ransomware
byCyren, Inc
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
byCyren, Inc
 
Webinar: Why evasive zero day attacks are killing traditional sandboxing
byCyren, Inc
 
How To [relatively] Secure your Web Applications
byAmmar WK
 
Webinar: A deep dive on phishing, today's #1 business threat
byCyren, Inc
 
Add Security Testing Tools to Your Delivery Pipeline
byGene Gotimer
 
Using Deception to Detect and Profile Hidden Threats
bySatnam Singh
 
The Threat Landscape in the Era of Directed Attacks - Webinar
byKaspersky
 
Deception in Cyber Security (League of Women in Cyber Security)
byPhillip Maddux
 

Viewers also liked

PDF
5g road to 5g (the future of wireless communication) technology
bymoazalhosne
 
PDF
OWASP Mobile Top 10
byNowSecure
 
PDF
Owasp Mobile Top 10 - M7 & M8
by5h1vang
 
PDF
Owasp Top 10 (M-10 : Lack of Binary Protection) | Null Meet
by5h1vang
 
PDF
OWASP Top 10 for Mobile
byAppvigil - Mobile App Security Scanner
 
PPTX
Mobile security, OWASP Mobile Top 10, OWASP Seraphimdroid
byNikola Milosevic
 
PPTX
Owasp mobile top 10
byPawel Rzepa
 
PPTX
Li fi technology - The Future Wireless Communication
byNishaSharma94
 
PPSX
Future of Wireless Technology
byNisha Menon K
 
PDF
Li fi (light fidelity)-the future technology in wireless communication
byLaxman Mewari
 
PPTX
Addressing the OWASP Mobile Security Threats using Xamarin
byAlec Tucker
 
PPTX
Generation of 1G to 5G
byAjay Kumar
 
PDF
Opensource
byAndrej Koelewijn
 
PPTX
LDR BASED MOBILE CHARGING AND PUBLIC LIGHTNING BY USING SOLAR TREE EEE/ECE S...
byVithalreddy Reddy's
 
PDF
Wireless Technology Evolution - UC Irvine/DASpedia Seminar - John K Bramfeld
byJohn K. Bramfeld
 
PDF
OWASP Day - OWASP Day - Lets secure!
byPrathan Phongthiproek
 
PDF
Latest Seminar Topics for Engineering,MCA,MSc Students
byArun Kumar
 
PDF
Lte optimization
bytharinduwije
 
5g road to 5g (the future of wireless communication) technology
bymoazalhosne
 
OWASP Mobile Top 10
byNowSecure
 
Owasp Mobile Top 10 - M7 & M8
by5h1vang
 
Owasp Top 10 (M-10 : Lack of Binary Protection) | Null Meet
by5h1vang
 
OWASP Top 10 for Mobile
byAppvigil - Mobile App Security Scanner
 
Mobile security, OWASP Mobile Top 10, OWASP Seraphimdroid
byNikola Milosevic
 
Owasp mobile top 10
byPawel Rzepa
 
Li fi technology - The Future Wireless Communication
byNishaSharma94
 
Future of Wireless Technology
byNisha Menon K
 
Li fi (light fidelity)-the future technology in wireless communication
byLaxman Mewari
 
Addressing the OWASP Mobile Security Threats using Xamarin
byAlec Tucker
 
Generation of 1G to 5G
byAjay Kumar
 
Opensource
byAndrej Koelewijn
 
LDR BASED MOBILE CHARGING AND PUBLIC LIGHTNING BY USING SOLAR TREE EEE/ECE S...
byVithalreddy Reddy's
 
Wireless Technology Evolution - UC Irvine/DASpedia Seminar - John K Bramfeld
byJohn K. Bramfeld
 
OWASP Day - OWASP Day - Lets secure!
byPrathan Phongthiproek
 
Latest Seminar Topics for Engineering,MCA,MSc Students
byArun Kumar
 
Lte optimization
bytharinduwije
 

Similar to It's not about you: Mobile security in 2016

PDF
5 Mobile App Security MUST-DOs in 2018
byNowSecure
 
PDF
Mobile App Security Predictions 2019
byNowSecure
 
PDF
iOS and Android security: Differences you need to know
byNowSecure
 
PDF
Whitepaper - CISO Guide_6pp
byEric Zhuo
 
PDF
Mobile security article
byKulani Mahadewa
 
PDF
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
byEC-Council
 
PDF
Why You'll Care More About Mobile Security in 2020
bytmbainjr131
 
PDF
Article on Mobile Security
byTharaka Mahadewa
 
PDF
HackMiami_2017_Chemerkin_Yury_for_website.pdf
byYury Chemerkin
 
PPTX
IBM Seguridad Móvil - Acompaña tu estrategia BYOD
byCamilo Fandiño Gómez
 
PDF
11 Reasons Why Your Company Could Be In Danger
byCopper Mobile, Inc.
 
PDF
Vetting Mobile Apps for Corporate Use: Security Essentials
byNowSecure
 
PDF
Can You Steal From Me Now? Mobile and BYOD Security Risks
byMichael Davis
 
PDF
Debunking the Top 5 Myths About Mobile AppSec
byNowSecure
 
PDF
Securing Mobile Apps - Appfest Version
bySubho Halder
 
PDF
DefCamp_2016_Chemerkin_Yury_--_publish.pdf
byYury Chemerkin
 
PDF
Unicom Conference - Mobile Application Security
bySubho Halder
 
PDF
Top Seven Risks of Enterprise Mobility - How to protect your business
bySymantec
 
PDF
Evaluate Top Seven Risks of Enterprise Mobility
byRapidSSLOnline.com
 
PPTX
MOBILE DEVICES: THE CASE FOR CYBER SECURITY HARDENED SYSTEMS AND METHODS TO ...
byMaurice Dawson
 
5 Mobile App Security MUST-DOs in 2018
byNowSecure
 
Mobile App Security Predictions 2019
byNowSecure
 
iOS and Android security: Differences you need to know
byNowSecure
 
Whitepaper - CISO Guide_6pp
byEric Zhuo
 
Mobile security article
byKulani Mahadewa
 
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
byEC-Council
 
Why You'll Care More About Mobile Security in 2020
bytmbainjr131
 
Article on Mobile Security
byTharaka Mahadewa
 
HackMiami_2017_Chemerkin_Yury_for_website.pdf
byYury Chemerkin
 
IBM Seguridad Móvil - Acompaña tu estrategia BYOD
byCamilo Fandiño Gómez
 
11 Reasons Why Your Company Could Be In Danger
byCopper Mobile, Inc.
 
Vetting Mobile Apps for Corporate Use: Security Essentials
byNowSecure
 
Can You Steal From Me Now? Mobile and BYOD Security Risks
byMichael Davis
 
Debunking the Top 5 Myths About Mobile AppSec
byNowSecure
 
Securing Mobile Apps - Appfest Version
bySubho Halder
 
DefCamp_2016_Chemerkin_Yury_--_publish.pdf
byYury Chemerkin
 
Unicom Conference - Mobile Application Security
bySubho Halder
 
Top Seven Risks of Enterprise Mobility - How to protect your business
bySymantec
 
Evaluate Top Seven Risks of Enterprise Mobility
byRapidSSLOnline.com
 
MOBILE DEVICES: THE CASE FOR CYBER SECURITY HARDENED SYSTEMS AND METHODS TO ...
byMaurice Dawson
 

More from NowSecure

PDF
iOS recon with Radare2
byNowSecure
 
PDF
From Tangled Mess to Organized Flow: A Mobile DevSecOps Reference Architecture
byNowSecure
 
PDF
Android Q & iOS 13 Privacy Enhancements
byNowSecure
 
PDF
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
byNowSecure
 
PDF
Building a Mobile App Pen Testing Blueprint
byNowSecure
 
PDF
Jeff's Journey: Best Practices for Securing Mobile App DevOps
byNowSecure
 
PDF
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
byNowSecure
 
PDF
A Risk-Based Mobile App Security Testing Strategy
byNowSecure
 
PDF
Android P Security Updates: What You Need to Know
byNowSecure
 
PDF
iOS 12 Preview - What You Need To Know
byNowSecure
 
PDF
5 Tips for Agile Mobile App Security Testing
byNowSecure
 
PDF
Mobile Apps & Connected Healthcare: Managing 3rd-Party Mobile App Risk
byNowSecure
 
PDF
What attackers know about your mobile apps that you don’t: Banking & FinTech
byNowSecure
 
PDF
Solving for Compliance: Mobile app security for banking and financial services
byNowSecure
 
PDF
Leaky Mobile Apps: What You Need to Know
byNowSecure
 
PDF
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
byNowSecure
 
PDF
Delivering secure mobile financial services (MFS) - "Frictionless" vs diligence
byNowSecure
 
PDF
Next-level mobile app security: A programmatic approach
byNowSecure
 
iOS recon with Radare2
byNowSecure
 
From Tangled Mess to Organized Flow: A Mobile DevSecOps Reference Architecture
byNowSecure
 
Android Q & iOS 13 Privacy Enhancements
byNowSecure
 
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
byNowSecure
 
Building a Mobile App Pen Testing Blueprint
byNowSecure
 
Jeff's Journey: Best Practices for Securing Mobile App DevOps
byNowSecure
 
CASE STUDY - Ironclad Messaging & Secure App Dev for Regulated Industries
byNowSecure
 
A Risk-Based Mobile App Security Testing Strategy
byNowSecure
 
Android P Security Updates: What You Need to Know
byNowSecure
 
iOS 12 Preview - What You Need To Know
byNowSecure
 
5 Tips for Agile Mobile App Security Testing
byNowSecure
 
Mobile Apps & Connected Healthcare: Managing 3rd-Party Mobile App Risk
byNowSecure
 
What attackers know about your mobile apps that you don’t: Banking & FinTech
byNowSecure
 
Solving for Compliance: Mobile app security for banking and financial services
byNowSecure
 
Leaky Mobile Apps: What You Need to Know
byNowSecure
 
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
byNowSecure
 
Delivering secure mobile financial services (MFS) - "Frictionless" vs diligence
byNowSecure
 
Next-level mobile app security: A programmatic approach
byNowSecure
 

Recently uploaded

PDF
"DISC as GPS for team leaders: how to lead a team from storming to performing...
byFwdays
 
PDF
Transforming Content Operations in the Age of AI
byEnterprise Knowledge
 
PDF
Agentic Intro and Hands-on: Build your first Coded Agent
byUiPathCommunity
 
PDF
ODSC AI West: Agent Optimization: Beyond Context engineering
byShashikant Jagtap
 
PPTX
UFCD 0797 - SISTEMAS OPERATIVOS_Unidade Completa.pptx
byscribddobruno
 
PDF
KMWorld - KM & AI Bring Collectivity, Nostalgia, & Selectivity
byJonathan Ralton
 
PDF
Cybersecurity Prevention and Detection: Unit 2
byVICTOR MAESTRE RAMIREZ
 
PDF
[BDD 2025 - Full-Stack Development] PHP in AI Age: The Laravel Way. (Rizqy Hi...
byWintari Yasmin
 
PPTX
The power of Slack and MuleSoft | Bangalore MuleSoft Meetup #60
byshyamraj55
 
PPTX
Guardrails in Action - Ensuring Safe AI with Azure AI Content Safety.pptx
byUdaiappa Ramachandran
 
PDF
[BDD 2025 - Full-Stack Development] Agentic AI Architecture: Redefining Syste...
byWintari Yasmin
 
PDF
Parallel Computing BCS702 Module notes of the vtu college 7th sem 4.pdf
byMatheshVishnu
 
PDF
DUBAI IT MODERNIZATION WITH AZURE MANAGED SERVICES.pdf
byLogicEra
 
PDF
Crane Accident Prevention Guide: Key OSHA Regulations for Safer Operations
bySharpEagle Technology
 
PDF
Dev Dives: Build smarter agents with UiPath Agent Builder
byUiPathCommunity
 
PDF
Transcript: The partnership effect: Libraries and publishers on collaborating...
byBookNet Canada
 
PDF
Open Source Post-Quantum Cryptography - Matt Caswell
byAll Things Open
 
PDF
[BDD 2025 - Mobile Development] Mobile Engineer and Software Engineer: Are we...
bywintari3
 
PDF
Cheryl Hung, Vibe Coding Auth Without Melting Down! isaqb Software Architectu...
byCheryl Hung
 
PDF
5 Common Supply Chain Attacks and How They Work | CyberPro Magazine
byCyberPro Magazine
 
"DISC as GPS for team leaders: how to lead a team from storming to performing...
byFwdays
 
Transforming Content Operations in the Age of AI
byEnterprise Knowledge
 
Agentic Intro and Hands-on: Build your first Coded Agent
byUiPathCommunity
 
ODSC AI West: Agent Optimization: Beyond Context engineering
byShashikant Jagtap
 
UFCD 0797 - SISTEMAS OPERATIVOS_Unidade Completa.pptx
byscribddobruno
 
KMWorld - KM & AI Bring Collectivity, Nostalgia, & Selectivity
byJonathan Ralton
 
Cybersecurity Prevention and Detection: Unit 2
byVICTOR MAESTRE RAMIREZ
 
[BDD 2025 - Full-Stack Development] PHP in AI Age: The Laravel Way. (Rizqy Hi...
byWintari Yasmin
 
The power of Slack and MuleSoft | Bangalore MuleSoft Meetup #60
byshyamraj55
 
Guardrails in Action - Ensuring Safe AI with Azure AI Content Safety.pptx
byUdaiappa Ramachandran
 
[BDD 2025 - Full-Stack Development] Agentic AI Architecture: Redefining Syste...
byWintari Yasmin
 
Parallel Computing BCS702 Module notes of the vtu college 7th sem 4.pdf
byMatheshVishnu
 
DUBAI IT MODERNIZATION WITH AZURE MANAGED SERVICES.pdf
byLogicEra
 
Crane Accident Prevention Guide: Key OSHA Regulations for Safer Operations
bySharpEagle Technology
 
Dev Dives: Build smarter agents with UiPath Agent Builder
byUiPathCommunity
 
Transcript: The partnership effect: Libraries and publishers on collaborating...
byBookNet Canada
 
Open Source Post-Quantum Cryptography - Matt Caswell
byAll Things Open
 
[BDD 2025 - Mobile Development] Mobile Engineer and Software Engineer: Are we...
bywintari3
 
Cheryl Hung, Vibe Coding Auth Without Melting Down! isaqb Software Architectu...
byCheryl Hung
 
5 Common Supply Chain Attacks and How They Work | CyberPro Magazine
byCyberPro Magazine
 

It's not about you: Mobile security in 2016

  • 1.
    IT’S NOT ABOUTYOU Mobile security in 2016
  • 2.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Connect with us Follow us on Twitter @NowSecureMobile — Subscribe to #MobSec5 our weekly mobile security news digest http://mobsec5.nowsecure.com/ — Visit our website https://www.nowsecure.com
  • 3.
    Sam Bakken Content MarketingManager @skbakken ● 7+ years marketing cybersecurity solutions ● Managing Editor, 2014 & 2015 Trustwave Global Security Report Email: sbakken@nowsecure.com © Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.
  • 4.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Contents ● It ain’t about you ● Pressing issues ● Leaky / risky apps ● Mobile fragmentation ● What do you need to do? ● Questions
  • 5.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.
  • 6.
    Typical security defensesfail in mobile settings because they protect boundaries rather than the information itself, and mobile users do not respect traditional boundaries. Gartner: https://www.gartner.com/doc/3158326
  • 7.
    You’ve lost controlof the perimeter.
  • 8.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute. Pressing issues ● Dual-use devices (bring-your-own-device) ● Lack of administrative access and visibility ● Malware vs. legitimate leaky/risky apps ● Complex ecosystem of vendors ○ Fragmentation ○ Updates are slow, if they come at all In mobile security Malware Legitimate apps that leak sensitive data
  • 9.
    Cybersecurity and Cyberwar:What Everyone Needs to Know [The] market is fragmented, with multiple makers… each with a role in security but often lacking any sense of responsibility for it. “ ”
  • 10.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute. Announcements from Google last week 65billion 600 Apps downloaded from the Google Play store in the past year Android smartphone models launched in the past year
  • 11.
    © Copyright 2015NowSecure, Inc. All Rights Reserved. Proprietary information. The more popular an app (determined by downloads), the more likely it is to include a security flaw 1M-5M Downloads 5M-10M Downloads 37 % 46 % 50 % 100K-500K Downloads View the full report
  • 12.
    We kill peoplebased on metadata. General Michael Hayden, former director of the NSA and CIA
  • 13.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute. The value of even seemingly trivial data PNAS Evaluating the privacy properties of telephone metadata
  • 14.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute. Android fragmentation as of August 2015 Android Fragmentation Visualized (August 2015) 24,093 DISTINCT DEVICES
  • 15.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute. Distribution of Android versions from NowSecure dataset
  • 16.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute. Prevalence of iOS versions from NowSecure Dataset
  • 17.
    So what canyou do about it?
  • 18.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Where does mobile risk originate?
  • 19.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. A simple formula for mobile security Vet apps to ensure they don’t exceed your risk threshold + Make sure apps are installed on healthy endpoints Secure apps on healthy endpoints Learn more about mobile endpoint security
  • 20.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute. Data you need to reduce uncertainty and increase visibility What do you know, and what do you not know 1 2 3 4 5 6 What devices do employees use? What OSs run on those devices? What vulnerabilities exist within those OSs? What apps do employees install on their devices? How risky or leaky are those apps? What destinations does your data travel to and is it encrypted?
  • 21.
    Let’s talk sbakken@nowsecure.com +1 312.878.1100 @skbakken Keeptabs on the state of mobile security. Subscribe to #MobSec5 - a collection of the week’s mobile news that matters. Subscribe to #MobSec5 now