Seth Hardy over at Appthority has an interesting post this week, discussing how a focus on malware protection can cause enterprises to miss the threat of data leakage from legitimate public store apps. And a new case study from Lookout, describing how their solution addressed customer objectives that include reducing customer data leakage risks, also addresses this emerging threat vector.
I see this as a positive trend, as more vendors and enterprises focus on what's important: protecting corporate data.
In talking about mobile data leakage, I find that people often confuse that with data loss protection (DLP). The issues are similar, in that they focus on data loss, but they address completely different problems. It's worth a brief outline of each threat scenario to clarify:
When enterprises talk about defense in depth, DLP often represents the last line of defense. If an attack breaches NGFW, IDS/IDP and CASB protections and eludes breach detection systems, it will ultimately attempt to exfiltrate data. DLP solutions are designed to detect and possibly block the exfiltration, and among other features it may recognize bulk transfer of SSNs or credit card numbers that have been aggregated in an internal data set. The large data set was the ultimate target of the attackers, who had to circumvent a number of enterprise defenses to access it.
Mobile data leakage is different. In this case aggregation takes place outside of the enterprise infrastructure in a backend server or a cloud storage system. The data set in this case may contain personally identifiable information (PII) for thousands of employees, or it may contain sensitive corporate information. This could be the backend for an app that was deployed enterprise wide, such as CRM, ERP, endpoint security, or an internal productivity app. If a malicious actor intends to access such sensitive information, it's far more feasible that a cloud server could be breached than that thousands of mobile devices could be successfully attacked with malware. And in this example, the enterprise-wide app has already done the heavy lifting of collecting such information into a single file system or database. There's ample evidence that mobile app developers can be lax when it comes to cloud-based storage security, so the threat is amplified due to the ease with which the database can be breached. That's why mobile data leakage is a rising concern.
The biggest challenge for enterprises is that use of mobile devices creates new threats to corporate data. Attackers usually choose the path of least resistance, and exposed data in the wild represents an easy exploit.
I see this as a positive trend, as more vendors and enterprises focus on what's important: protecting corporate data.
In talking about mobile data leakage, I find that people often confuse that with data loss protection (DLP). The issues are similar, in that they focus on data loss, but they address completely different problems. It's worth a brief outline of each threat scenario to clarify:
When enterprises talk about defense in depth, DLP often represents the last line of defense. If an attack breaches NGFW, IDS/IDP and CASB protections and eludes breach detection systems, it will ultimately attempt to exfiltrate data. DLP solutions are designed to detect and possibly block the exfiltration, and among other features it may recognize bulk transfer of SSNs or credit card numbers that have been aggregated in an internal data set. The large data set was the ultimate target of the attackers, who had to circumvent a number of enterprise defenses to access it.
Mobile data leakage is different. In this case aggregation takes place outside of the enterprise infrastructure in a backend server or a cloud storage system. The data set in this case may contain personally identifiable information (PII) for thousands of employees, or it may contain sensitive corporate information. This could be the backend for an app that was deployed enterprise wide, such as CRM, ERP, endpoint security, or an internal productivity app. If a malicious actor intends to access such sensitive information, it's far more feasible that a cloud server could be breached than that thousands of mobile devices could be successfully attacked with malware. And in this example, the enterprise-wide app has already done the heavy lifting of collecting such information into a single file system or database. There's ample evidence that mobile app developers can be lax when it comes to cloud-based storage security, so the threat is amplified due to the ease with which the database can be breached. That's why mobile data leakage is a rising concern.
The biggest challenge for enterprises is that use of mobile devices creates new threats to corporate data. Attackers usually choose the path of least resistance, and exposed data in the wild represents an easy exploit.
No comments:
Post a Comment