Thursday 7 July 2016

Euro 2016 breaches [Link - Professional Security Magazine Online]

I was asked some questions around breaches due to Euro 2016 mobile applications by Professional Security Magazine Online:


During the 2016 UEFA European Championships, the SmartWire Labs Team at Wandera has been analysing the mobile data traffic patterns across its enterprise customers in the European countries that make up this year’s tournament. Wandera said that during the research period, the number of data leaks observed increased. The IT firm predicted this number will continue to rise as the tournament goes on as a result of more people travelling across Europe and using unfamiliar apps and websites to access match information. The company suggested that data leaks will peak in late June towards the end of Euro 2016, before going back to normal levels in late July.
The firm summed up that the increased data usage for the beginning of Euro 2016 was no surprise to anyone. The risks associated with this increase in traffic have implications. More people travelling across Europe, the use of unfamiliar websites and apps, and the discovery that the official UEFA app is leaking data could all lead to serious security breaches, with thousands of fans’ data being put at risk, according to the firm.

Andrew Tang, Service Director, Security at MTI Technology, spoke of two ways organisations can protect corporate data. The first is through a fleet of corporate devices, which can control what apps are installed and which websites can be visited. However, with fleets of devices becoming old-fashioned and bring your own device (BYOD) policies ever more common in the workplace, controlling what an employee uses their device for has become more complex. Enterprise Mobility Management (EMM) platforms are key to protecting corporate data. By separating company information from the rest of the phone, including apps, emails and documents, employers can ensure that a ‘wall’ is created around sensitive information and, as a result, can prevent infection from compromising data.

Can organisations prevent downloading of apps that leak data?
With a fleet of managed devices, this is less of a problem as companies can place restrictions on what apps can be downloaded. With BYOD, however, employees can be free to download what they want to. Through an EMM platform, businesses can create a corporate app store that restricts what employees can use through the platform. This allows IT departments to restrict access to certain apps on Google Play or the Apple Store, ensuring that only approved apps are used to access corporate information, while still leaving employees free to download whatever they wish to use on their device.

What are the best practices for protecting infrastructure during major sports events?
Public Wi-Fi is a particular threat when it comes to malware penetrating a mobile device. Open, password-free Wi-Fi connections are not encrypted, which means that they are easy targets for hackers. For example, the WiFi Pineapple makes man-in-the-middle attacks easy. In this type of attack, a hacker sits in between the device and the Wi-Fi it is connected to in order to take information away from the device. This is especially dangerous in foreign countries, as some users try to avoid paying roaming charges by using free Wi-Fi. Education is key here. By informing employees of the dangers free and open Wi-Fi connections can pose, organisations can hopefully mitigate some of the threat. However, this is far from foolproof.
