Most enterprises, when addressing mobile security, focus on securing applications, such as the devices' operating systems, or preventing the installation of malware. But the cybersecurity experts at the National Institute of Standards and Technology say organizations should take a much broader approach to ensuring mobile security.
Referring to the need to address the risks posed by cellular networks and other elements of the mobile infrastructure, NIST Cybersecurity Engineer Joshua Franklin says: "There is this whole other side of a mobile device that has its own complex hardware, firmware, software and network protocols that need to be addressed." Franklin co-authored the recently released draft report, Assessing Threats to Mobile Devices & Infrastructure: the Mobile Threat Catalogue.
NIST earlier this month published the 50-page document, also known as Interagency Report 8144, that encourages organizations to take a broader approach to mobile security. NIST mobile security experts call on enterprises to adopt a new perspective on mobile security by extending their view to encompass the entire mobile security ecosystem, which includes threats that occur through cellular networks, cloud computing infrastructure and app stores.
"Often IT shops or security managers will address or secure the apps on a phone and protect the operating system from potential threats," Franklin said. "But there is a much wider range of threats that need to be addressed. For example, enterprise security teams often don't focus on the cellular radios in smartphones, which, if not secured, can allow someone to eavesdrop on your CEO's calls."
No comments:
Post a Comment