Lessons from iOS: Cover Your Apps (CYA)
Mobile has become one of the fastest growing threat vectors in the security space. The proliferation of Bring Your Own Device (BYOD) has brought with it new mobile threats and new multi-vector threats with a mobile component. The traditional security perimeter has disintegrated before our very eyes, leaving organizations one rogue app away from a breach. But a lot of FUD is on the scene, blurring the line between what is and is not really a security problem with mobile. Earlier today, FireEye published a blog post detailing a reported security flaw in iOS — the operating system that runs Apple mobile devices. The moral for CISOs? When it comes to mobile, you need a cover your apps (CYA) strategy.
The reported flaw allows an attacker to create rogue versions of apps that masquerade as legitimate versions of the apps users rely on, delivered via SMS, email, or web browsing.
This opens up the possibility of an attacker tricking the user into providing user credentials or other sensitive information to those rogue apps. At first, this may not sound like the typical threat to the enterprise, but given the pervasiveness of mobile today, it’s important to understand the risk it presents.
Aside from carrying sensitive, confidential, and proprietary data, employees’ mobile devices are increasingly used to access enterprise applications hosted in the cloud. Examples of these applications include payroll, expense reporting, and CRM. Imagine what an attacker could do after stealing the credentials for these and other critical business applications, or the data those credentials unlock. There is a very real possibility of the attacker furthering his or her reach into the enterprise through social engineering, stolen credentials, and other means.
Although mobile is a serious threat vector for the enterprise today, there are steps organizations can take to help mitigate the risk. These steps include, among others:
- Mandating controls (e.g., screen lock, account lockout, automated wipe, etc.) on mobile devices (including BYOD)
- Monitoring for rogue apps on mobile devices
- Monitoring for suspicious or malicious activity on mobile devices
Mobile is the next frontier in the threat landscape. While the technology, intelligence, and expertise needed to counter the threat posed by mobile are still emerging, there are steps an organization can take in the interim. One thing is for sure — the risk posed by mobile devices can no longer be ignored.