The risks presented by the endpoint are a growing concern in government data security. This past month, the National Institute of Standards and Technology (NIST) released draft publications on how to securely support the growing use of mobile devices and telework at federal agencies, following research that points to the difficulty of gaining visibility into the endpoint. This past week, the risks of mobile devices in federal agencies were again addressed at the annual Federal Information Systems Security Educators’ Association (FISSEA) conference.
American Military University (AMU) professor and cybersecurity expert, Dr. Karen Paullet, was a guest speaker at the FISSEA conference, presenting on “Mobile Devices and the Internet of Things.” In her presentation, as recounted on In Homeland Security, Dr. Paullet talked about the growth of mobile devices and other connected endpoints, which are a growing issue for organizations and federal agencies alike. Dr. Paullet warned that the struggles with securing data on the endpoint are only going to increase.
But the greater concern is what employees are doing with these mobile devices, which is most likely to be the same whether the device is being operated at home or in the office. From sharing latitude- and longitude-embedded personal photos with colleagues and friends, to auto-connecting to public Wi-Fi while grabbing coffee at Starbucks on the way to work, to downloading free apps that build digital dossiers on users for companies and potential hackers to mine, the line between official office and personal mobile devices among employees is blurring.
“If these devices aren’t adequately protected and smarter organizational policies aren’t put into place, then data theft of both the individual user and their employers will increase. More enterprise systems will be jeopardized,” Dr. Paullet warned.
Statistics reveal these threats are already an issue for organizations and federal agencies alike. One recent survey suggests one in five organizations has suffered a data breach directly related to a mobile security incident, primarily malware and malicious WiFi, while other reports suggest that exploited mobile devices account for one third of cyber security incidents. Combined with the rise of the insider threat from malicious, negligent or unsuspecting employees, it’s now easier than ever for data to be put at risk, and more costly than ever too. These issues will only increase as the number of devices in use expands, further contributing to a growing attack surface that could be exploited by cyber criminals.
A recent study from MeriTalk and Palo Alto Networks examined the “Endpoint Epidemic” in federal agencies, noting that 44% of government endpoints are either unknown or unprotected and a third of network-connected devices have been infected with malware. Nearly half of employees surveyed use personal devices without even reviewing BYOD policies (if they exist). The survey further revealed that more than half of federal agencies mistakenly believed their current policies for endpoint security were effective, an overconfidence that clearly contradicts the current risk landscape.
Delivering on the promise of data security while working with government agencies is more challenging than ever before. It’s vital that government agencies know where all endpoints are (including BYOD devices) and that data is constantly protected, with alerts on any irregularities in hardware, software or user behavior. Government customers trust Absolute as a proven partner and a technology leader in persistent endpoint security and data risk management, providing unprecedented visibility into the endpoint.