Optimum security for increasing numbers of devices
The number of IT devices in corporations is trending in just one direction—straight up. At the same time, however, IT departments are being streamlined, with administrators juggling numerous projects in addition to their daily duties. Combined management and security software makes everything manageable.
Whether or not their company uses a “Bring your own device” policy, employees today are using more IT devices than ever before.
According to a survey carried out by Kaspersky Lab of 3,300 companies worldwide, almost 80 per cent of companies expect to see an increase in the number of IT devices used by their employees over the next year. Around 44 per cent expect up to 10 per cent more devices, 27 per cent expect an increase of 10 to over 50 per cent, and 8 per cent of the companies surveyed expect a large increase of more than 50 per cent. A further 16 per cent of companies expect their device count to remain stable, while just 4 per cent assume that the number of IT devices will decrease over the next year. First and foremost, this means more work for administrators. All these additional devices must not only be managed, but also incorporated into corporate security strategies.
Additional Requirements
Only rarely does adding more IT devices mean setting up more on-site workstations. In most cases, the devices used are laptops, tablets or smartphones. As these are used not just at employees’ desks, but also on the road, at customers’ premises and at home, they place additional demands on IT security. If something goes wrong, administrators often find themselves having to provide remote assistance. Only a small percentage of the devices for which administrators are responsible are actually inside company walls. The rest may be scattered around the globe. A few years ago, only globally active companies with multiple branches in different countries had to deal with these issues. Today, however, even small companies, particularly SMEs, are affected by them. Companies in this category, however, frequently find large enterprise management solutions too complex.
Counteract Loss of Control
Companies cannot, however, allow control over their devices to slip out of their hands. The situation is further complicated by the fact that very few companies are increasing their IT budgets -quite the opposite. Looking at human resources development for IT administrators shows that cuts are being made in multiple areas. Whereas, in 2011, 24 per cent of the companies surveyed had 250 (or more) IT employees, in 2012 this figure was just 15 per cent. This consolidation is affecting companies of all sizes, meaning that fewer and fewer employees must keep ever-increasing numbers of IT devices running smoothly and securely. To prevent this task from spelling disaster for companies, IT administrators must become more productive. A combination of management and security software is recommended.
The Global Picture of Mobile Security
It’s important to remember that mobile devices are still computers and bring with them similar threats to desktop computers. The majority of technological mobile malware threats, like their desktop-computer cousins, are universal in their reach. Backdoor Trojans, password-stealing Trojans and Trojan spies are as prevalent in all regions.
However, there are some differences in regional economics and, subsequently, human attitudes. In regions such as North America and Western Europe where IT is well established as a business tool, there tends to be less naivety about, and therefore, susceptibility to, malware threats, both in general and as applied to mobile devices.
In addition, the greater regulatory powers present in regions such as Western Europe make one specific threat less common: mobile SMS Trojans. Once these Trojans infect a mobile device, they silently send SMS messages to a premium-rate number (in which the Trojan creator will have a stake and, therefore, a revenue stream).
In the UK, the premium-rate-phone-number watchdog Phone Pay Plus requires anyone wishing to operate such a number to complete a rigorous registration process to help ensure that operators are genuine and not scammers. Subsequently, attacks of this kind are significantly lower in the UK than in, for example, Russia, China and some other Far East countries where regulation of premium-rate numbers is less developed.
But the West is not always the safest region. Another difference on a global scale comes as a result of malware creators following the patterns of human behaviour. Two-factor authentication for online banking is more prevalent in developed countries than in other regions and, subsequently, so is the threat from malware that aims to intercept mobile transaction authentication numbers (MTANs).
Simple Management, Perfect Security
The words “system management” tend to send shivers down administrators’ spines, with many assuming that they refer to complex and overblown software for major corporations. This is, however, not necessarily the case. The best solution for small and medium-sized companies combines device management with the latest security technology and features a unified interface to enable the management of workstations, laptops and smartphones.
Solutions that allow administrators to adjust devices’ security configurations directly from this interface, when applying patches or checking malware warnings, for example, provide added value. The software should support administrators in these areas by providing automation and templates.
Security managers must be aware of threats not just on a global scale but also of how the economics and behaviour patterns of their own regions affect the type of threats they are most likely to see. Then choose the best solution to meet these needs.
David Emm
Senior Security Researcher
Kaspersky Lab
