The real target for cybercriminals today is not technology. It’s the employee. With security measures being increasingly more effective, often the only point of entry to a company’s network for a cybercriminal is via an employee. In addition, the mobility of employees and company data present a growing challenge.
While it is the IT department’s role to secure a business’ systems and data, many security weaknesses are unwittingly caused by these same people who are responsible for securing a network.
This, says Danny Myburgh, MD of Cyanre, is because the IT department’s main concern is to keep IT working, and because they are caught between the business needs of securing devices and data and the increasing demands for the mobility of the same.

“Research done by third-party experts found that the negative impact of mobile devices on security was not solely the result of the mobility, but because of a number of assumptions IT departments make.
“In today’s mobile business environment, the securing of devices such as laptops, tablets and mobile phones has become a priority, but many technology professionals neglect to think about the fact that the data carried on these devices isn’t contained as it would be in a centralised office environment,” Myburgh points out. “By assuming the data is in the data centre, IT becomes an unwitting accomplice of cybercriminals.”

IDC research shows that desktops/laptops represent the most serious concern for Data Loss Prevention (DLP), and that the endpoint represents a more immediate threat to data loss. IDC data also shows that mobility is the number one-factor driving new security spending, suggesting that more organisations are taking heed and beefing up security measures beyond their datacentre perimeters.

Myburgh adds that while the securing of mobile devices is increasingly climbing up IT’s agenda, these devices are still largely evaluated on the basis of the value of the device itself, rather than on the data they carry. “When a device is lost or stolen, the insurance claim only considers the value of the device, ignoring all the valuable data that was contained within the device,” he points out.
“The fact is that most often the value of the data on the device exceeds the value of the device itself.In addition, IT departments often treat laptops and mobile devices as company assets that are never used for personal use, believing that company data never finds its way to home systems.
“Today’s mobile employees access corporate networks and data from airport lounges, hotel rooms and
in-flight Internet connections -all of which are insecure.”

Using smartphones, laptops, USB memory sticks, CDs, backup tapes, cloud-based solutions, and data exchange interactions with business partners are standard business practices these days, and yet a disproportionate amount of time and money is spent reinforcing the data centre perimeter with technologies such as authentication, access management, firewalls and network intrusion prevention.
While these technologies are important, it is equally important to concentrate on where data currently resides: out on the endpoint.

“Use of managed anti-malware, anti-theft and privacy technologies for mobile devices is a good start to address protecting mobile data. Consideration of comprehensive security schemes that incorporate protection, detection and response are equally vital. The focus of many organisations is shifting to newer security technologies, but the overall number of malware incidents and infections continues to grow,” says Myburgh.
“An IDC survey found that 46% of organisations experienced an increase in malware incidents, while only 16% experienced a decrease. The SMB environment had the most dramatic difference, with 44% seeing an increase in malware and only 7% seeing a decrease.
“That means malware is still slipping through these enhanced prevention measures, demonstrating that increased emphasis must be paid to detection and response capabilities.”