The prevalence and severity of mobile-related compromises continues to escalate in 2022. Perhaps even more interesting is that small and medium-sized businesses perceived the risk to be more significant compared to those from larger organisations (73% vs 60% respectively).
On a more positive note, the rise in cyber threat awareness has also seen a rise in cybersecurity budgets among 77% of respondents to the Verizon 2022 Mobile Security Index report.
The research found that companies are now spending more evenly across the give National Institute of Standards and Technology (NIS) Cybersecurity Framework.
With 2023 just around the corner, 77% of respondents expect the budgets to increase in the coming 12 months.
FutureCISO spoke to Don Tan, senior director for APAC at Lookout for his take on evolving mobile security landscape in Singapore and other ASEAN markets.
State of mobile security awareness both in Singapore and ASEAN
There's a growing awareness, however, we still see the news reporting about phishing and scams. Based on my observation, 9 out of 10, don't have any security on their devices.
Our phones contain a trove of information, including our banking information, social security numbers and fingerprint. Yet, individuals don’t secure it.
When it comes to securing mobile devices (or lack thereof) who is at fault?
Most people have a misconception that their phones are safe. Looking at the trends over the last 24 months, many critical major vulnerabilities were detected within iOS. Recently, Apple just released another emergency fix.
Most common mobile security threats
The most obvious one is phishing or smishing as most people won’t verify truncated URLs. Phishing is the first step that gets hackers into the phone. They then do a reconnaissance, penetrate, and execute the attack.
Securing mobile devices without impacting user experience
The weakest link is often the end user. Lookout can process four and a half billion URLs and 100,000 new mobile applications a day. When a device which has installed Lookout detects a zero-day vulnerability, the data will be shared across the 200 million users without any human intervention, through artificial intelligence and machine learning.
Adoption of Security Service Edge (SSE)
SSE is the next generation of security approach to traditional perimeter defence. SSE secures the data depository no matter where it is and thus it can protect the data and user where it goes.
However, in Asia SSE adoption remains in its infancy. There is still a lot of evaluation going around there. Awareness (and concern) around data leakage, and regulatory requirements, are pushing companies to evaluate SSE technologies.
A warning on SSE solutions in the market today
If you are looking for an SSE solution, you would want to find a provider that can offer a single platform that is native to the cloud. But as with all buzzwords, be aware that companies are trying to fit products and solutions into their portfolio. It (referring to solutions) is like a jigsaw puzzle where vendors try to stuff together products to deliver an SSE solution.
Look for fundamentals
I think the key thing is to look for a vendor with a single platform that has multiple modules. Modules that can address each of your specific requirements, and then allow you to scale.
You should be looking for complete end-to-end coverage, including endpoint, the ability to manage the cloud, the ability to manage on-prem and public cloud applications, and able to address data leakage. These are the four fundamental components of any SSE solution.
Best-of-breed does not apply to SSE?
Most security professionals have always pitched the best-of-breed solutions (approach to security). The challenge we face today is that there are a lot of moving parts, i.e., in addition to SSE, you also must consider cloud service providers including the SaaS solutions you are using, endpoints you are using and how they connect to the data centre, integrating legacy systems.
"With SSE, you need a single platform that becomes the controller that integrates all these different technologies together. Having a single platform allows you to create a single policy that is applied to all the various modules – endpoints, SaaS solutions, zero trust network architectures, etc."
Don Tan
Besides having a single pane of glass for policy creation, reporting, logging, and forensics, it just makes access, configuration, and deployment so much easier.
Solving the skills shortage
One of the outcomes of having multiple, complex solutions is the need to have experts to manage these in isolation. You have someone responsible for endpoint devices, another for applications that sit in the cloud, still another for the data centre, and a security person that administers the cloud.
Getting these to work together and deciding who is responsible or what further adds complexity.
Click on the PodChat player for more details about the above responses by Tan.
- What is the state of mobile security awareness in Singapore and ASEAN?
- What are the most common security threats to mobile devices in 2022?
- Why is it important to secure mobile endpoints and what does it do beyond perimeter security to help employees to be productive yet safe?
- What is a Security Service Edge (SSE) platform and its benefits for organisations?
- What is your advice for organisations considering adopting SSE solutions?
- When it comes to SSE, is a single source better than best of breed?
- In all our discussions on SSE, what does Lookout bring to the table?
