Why mobile security must be a strategic focus in 2024: Zimperium Report

The exponential growth of mobile devices, such as smartphones and tablets, with access to essential business applications and data has empowered and enhanced productivity for workers and enterprises globally. In this episode, Krishna Vishnubhotla, VP of Product Strategy at Zimperium, discusses Zimperium’s 2024 Global Mobile Threat Report, which sheds light on the evolving challenges in mobile security and emphasizes the complexities enterprises face when safeguarding their mobile environments.

The report identifies three main risk areas: platform security, app security, and cyber hygiene. Key findings include the rise of phishing and mission phishing on mobile devices, with financial services and healthcare being major targets. Vishnubhotla talks about the shift of mobile security from an afterthought to a strategic priority, the importance of visibility in security decisions, and the pressing need for secure coding practices and cultural change to strengthen organizational resilience, stating “Security needs to be aligned with risk, and that’s where we’re adding a ton of value.”

Zimperium’s focus on mobile security and evolution

  • Vishnubhotla explains that Zimperium focuses on safeguarding enterprise mobile devices, ensuring that apps are secure, compliant, and resilient, all while keeping up with rapidly changing threats that compromise data integrity and user privacy.
  • Vishnubhotla notes the evolution in mobile security requirements, particularly the rise of super apps that combine functions like communication, commerce, and collaboration, which adds complexity to securing mobile platforms at scale.

The mobile security landscape and developer challenges

  • Vishnubhotla discusses how enterprises now recognize the complexities and evolving external threats tied to mobile security, stressing that proactive management is key to avoiding breaches and minimizing vulnerabilities.
  • Many developers still view security as an obstacle that slows down development processes, which creates a critical need for tools that improve visibility and integrate security seamlessly into app development without hindering innovation.
  • Vishnubhotla emphasizes that mobile-specific security threats cannot be addressed with generic standards. There is a need for a nuanced approach that aligns security practices with specific risks rather than relying on broad, one-size-fits-all guidelines.

Key insights from the Global Mobile Threat Report

  • Vishnubhotla outlines the goal of the Global Mobile Threat Report, which aims to dispel misconceptions surrounding mobile security and offer actionable insights that can help both security leaders and developers make informed decisions to mitigate risks.
  • The report identifies three primary areas of risk: the mobile platforms themselves (iOS and Android), the apps installed on devices (whether enterprise-developed or third-party), and the overall cyber hygiene practices of users.
  • Enterprises need to fully understand their mobile “footprint”, meaning the unique set of devices, apps, and user behaviors that their workforce relies on, so they can better address risks specific to their organization and the data they handle.
  • The report serves as a foundational resource for enterprises, offering them clear guidance on how to begin addressing mobile security risks and implementing strategies that can reduce potential exposure to threats.

New threats and industry-specific security concerns

  • Vishnubhotla delves into the financial motivations driving threat actors. Mobile devices have become prime targets for phishing attacks, which exploit the convenience of the platform and user behaviors that may not always be aligned with security best practices.
  • Vishnubhotla explains the concept of “mission” phishing, and how mobile device design increases the likelihood of users falling victim to phishing attempts, often due to the platform’s streamlined interface and the ease with which malicious content can be delivered.
  • Vishnubhotla highlights the importance of understanding the unique risks faced by different industries, such as finance, entertainment, and healthcare, where mobile security risks are particularly acute due to the nature of sensitive data they handle.
  • Healthcare, in particular, faces unique challenges with the rise of mobile device usage. The growing prevalence of mobile access to patient data has exposed healthcare organizations to phishing and ransomware attacks that could disrupt critical operations.

Zimperium’s role in enhancing enterprise mobile security

  • Zimperium helps enterprises ensure secure mobile access by conducting on-demand device checks before allowing access to sensitive data, ensuring that only secure, trusted devices can interact with the corporate network.
  • Vishnubhotla stresses the importance of building “self-defending” mobile applications that can autonomously detect and protect themselves from external threats and malware, significantly reducing the risks of attacks targeting mobile devices.
  • Zimperium offers solutions that strike a balance between security and performance, ensuring that security protocols do not compromise the user experience, thereby maintaining productivity without sacrificing protection.
  • A cultural shift within organizations can drive stronger security postures, with increased visibility into potential threats and better education on security practices that empower teams to respond to emerging risks.

Strategic advice for security leaders and post-COVID security concerns

  • Security leaders need to begin their security initiatives with improved visibility and an in-depth understanding of their organization’s specific threat model, as this knowledge is essential to making informed decisions about which security measures to implement.
  • Vishnubhotla emphasizes that mobile security must be addressed on both the device and app levels, noting that a comprehensive strategy that considers risks from both angles is necessary to protect data across the mobile enterprise.
  • COVID-19 has had a long-lasting impact on mobile security, especially with the rapid increase in third-party business productivity apps. Vishnubhotla underscores the need for continuous vetting and security checks to ensure these apps remain secure over time.
  • Vishnubhotla advises organizations to prioritize endpoint protection, whether for mobile or desktop devices, as more apps access the enterprise network remotely, requiring a layered approach to ensure all endpoints are properly secured against emerging threats.

Guest: Krishna Vishnubhotla
Company: Zimperium
Show: Let’s Talk

This summary was written by Emily Nicholls.
