IT’S NOT ABOUT YOU
Mobile security in 2016
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.
Connect with us
Follow us on Twitter @NowSecureMobile
—
Subscribe to #MobSec5 our weekly mobile security news digest
http://mobsec5.nowsecure.com/
—
Visit our website https://www.nowsecure.com
Sam Bakken
Content Marketing Manager
@skbakken
● 7+ years marketing cybersecurity
solutions
● Managing Editor, 2014 & 2015 Trustwave
Global Security Report
Email: sbakken@nowsecure.com
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.
Contents
● It ain’t about you
● Pressing issues
● Leaky / risky apps
● Mobile fragmentation
● What do you need to do?
● Questions
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.
Typical security defenses fail in mobile
settings because they protect boundaries
rather than the information itself,
and mobile users do not respect
traditional boundaries.
Gartner: https://www.gartner.com/doc/3158326
You’ve lost control of the perimeter.
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.
Pressing issues
● Dual-use devices (bring-your-own-device)
● Lack of administrative access and visibility
● Malware vs. legitimate leaky/risky apps
● Complex ecosystem of vendors
○ Fragmentation
○ Updates are slow, if they come at all
In mobile security
Malware
Legitimate apps
that leak
sensitive data
Cybersecurity and Cyberwar: What Everyone Needs to Know
[The] market is fragmented, with multiple makers…
each with a role in security but often lacking any
sense of responsibility for it.
“
”
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.
Announcements from Google last week
65billion 600
Apps downloaded from
the Google Play store in
the past year
Android smartphone
models launched in the
past year
© Copyright 2015 NowSecure, Inc. All Rights Reserved. Proprietary information.
The more popular an app (determined by downloads), the
more likely it is to include a security flaw
1M-5M
Downloads
5M-10M
Downloads
37
%
46
%
50
%
100K-500K
Downloads
View the full report
We kill people based on metadata.
General Michael Hayden, former director of the NSA and CIA
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.
The value of even seemingly trivial data
PNAS Evaluating the privacy properties of telephone metadata
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.
Android fragmentation as of August 2015
Android Fragmentation Visualized (August 2015)
24,093
DISTINCT DEVICES
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.
Distribution of Android versions from NowSecure dataset
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.
Prevalence of iOS versions from NowSecure Dataset
So what can you do about it?
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.
Where does mobile risk originate?
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.
A simple formula for mobile security
Vet apps to ensure they don’t
exceed your risk threshold
+
Make sure apps are installed on
healthy endpoints
Secure apps on healthy endpoints
Learn more about mobile
endpoint security
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.
Data you need to reduce uncertainty and increase visibility
What do you know, and what do you not know
1
2
3
4
5
6
What devices do
employees use?
What OSs run on
those devices?
What vulnerabilities
exist within those OSs?
What apps do employees
install on their devices?
How risky or leaky are
those apps?
What destinations does your data
travel to and is it encrypted?
Let’s talk
sbakken@nowsecure.com
+1 312.878.1100
@skbakken
Keep tabs on the state of mobile security. Subscribe to #MobSec5
- a collection of the week’s mobile news that matters.
Subscribe to #MobSec5 now

It's not about you: Mobile security in 2016

  • 1.
    IT’S NOT ABOUTYOU Mobile security in 2016
  • 2.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Connect with us Follow us on Twitter @NowSecureMobile — Subscribe to #MobSec5 our weekly mobile security news digest http://mobsec5.nowsecure.com/ — Visit our website https://www.nowsecure.com
  • 3.
    Sam Bakken Content MarketingManager @skbakken ● 7+ years marketing cybersecurity solutions ● Managing Editor, 2014 & 2015 Trustwave Global Security Report Email: sbakken@nowsecure.com © Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.
  • 4.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Contents ● It ain’t about you ● Pressing issues ● Leaky / risky apps ● Mobile fragmentation ● What do you need to do? ● Questions
  • 5.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute.
  • 6.
    Typical security defensesfail in mobile settings because they protect boundaries rather than the information itself, and mobile users do not respect traditional boundaries. Gartner: https://www.gartner.com/doc/3158326
  • 7.
    You’ve lost controlof the perimeter.
  • 8.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute. Pressing issues ● Dual-use devices (bring-your-own-device) ● Lack of administrative access and visibility ● Malware vs. legitimate leaky/risky apps ● Complex ecosystem of vendors ○ Fragmentation ○ Updates are slow, if they come at all In mobile security Malware Legitimate apps that leak sensitive data
  • 9.
    Cybersecurity and Cyberwar:What Everyone Needs to Know [The] market is fragmented, with multiple makers… each with a role in security but often lacking any sense of responsibility for it. “ ”
  • 10.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute. Announcements from Google last week 65billion 600 Apps downloaded from the Google Play store in the past year Android smartphone models launched in the past year
  • 11.
    © Copyright 2015NowSecure, Inc. All Rights Reserved. Proprietary information. The more popular an app (determined by downloads), the more likely it is to include a security flaw 1M-5M Downloads 5M-10M Downloads 37 % 46 % 50 % 100K-500K Downloads View the full report
  • 12.
    We kill peoplebased on metadata. General Michael Hayden, former director of the NSA and CIA
  • 13.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute. The value of even seemingly trivial data PNAS Evaluating the privacy properties of telephone metadata
  • 14.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute. Android fragmentation as of August 2015 Android Fragmentation Visualized (August 2015) 24,093 DISTINCT DEVICES
  • 15.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute. Distribution of Android versions from NowSecure dataset
  • 16.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute. Prevalence of iOS versions from NowSecure Dataset
  • 17.
    So what canyou do about it?
  • 18.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Where does mobile risk originate?
  • 19.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. A simple formula for mobile security Vet apps to ensure they don’t exceed your risk threshold + Make sure apps are installed on healthy endpoints Secure apps on healthy endpoints Learn more about mobile endpoint security
  • 20.
    © Copyright 2016NowSecure, Inc. All Rights Reserved. Proprietary information. Do not distribute. Data you need to reduce uncertainty and increase visibility What do you know, and what do you not know 1 2 3 4 5 6 What devices do employees use? What OSs run on those devices? What vulnerabilities exist within those OSs? What apps do employees install on their devices? How risky or leaky are those apps? What destinations does your data travel to and is it encrypted?
  • 21.
    Let’s talk sbakken@nowsecure.com +1 312.878.1100 @skbakken Keeptabs on the state of mobile security. Subscribe to #MobSec5 - a collection of the week’s mobile news that matters. Subscribe to #MobSec5 now