Mobile Security: Preparing for the 2017 Threat Landscape

ISMG SECURITY EXECUTIVE ROUNDTABLESPONSORED BY BLACKBERRY

For years, security researchers and leaders have warned: “The mobile threat is coming.” Well, in 2016 it arrived in full force. Attackers are finding new, creative means of stealing user credentials and penetrating critical systems via the mobile channel. And healthcare entities—with an increasingly mobile workforce and patient population—are square in the middle of this expanding mobile threatscape, as attackers seek to capture and monetize critical healthcare data.

What are the most prevalent new threats, and what are leading organizations doing to bolster mobile security as we head into 2017?

Welcome to this exclusive executive roundtable discussion on Mobile Security: Preparing for the 2017 Threat Landscape.

This invitation-only roundtable will draw upon insight from new mobile security research developed by BlackBerry Limited, which finds that 37 percent of healthcare organizations do not believe their current mobile device security strategies are sufficient. Through an interactive discussion of threats, strategies and solutions, attendees will tackle topics such as:

• Top mobile threats to healthcare organizations;• The most important elements of an effective mobile security

strategy;• How to overcome resistance by users who view mobile

security controls as an obstruction.

In addition to the peer-to-peer dialogue, benefit from BlackBerry’s new mobile security research, which reveals:

• 73 percent of organizations have a mobile security strategy in place, but only 3 percent say they have implemented the highest levels of security;

• 82 percent of executives say mobile security precautions cause at least some frustration among employees;

• 44 percent fear that too much mobile security will prevent employees from doing their jobs.

You’ll have the opportunity to discuss this evolving mobile threat landscape with a handful of senior executives and market leaders in an informal, closed-door setting, from which you will emerge with new strategies and solutions you can immediately put to work.

Introduction

Key Takeaway: Through interactive dialogue, understand how your peers are tackling emerging mobile security threats. Walk away with new insights and ideas about the threat landscape and how to prepare to tackle it in 2017.

Mobile Security: Preparing for the 2017 Threat Landscape 2

Discussion PointsAmong the questions to be presented for open discourse:

• How do you assess the state of mobile security at your organization today?

• What points stand out to you from the mobile security research that was just shared?

• What do you see as the top mobile security threats to your organizations heading into 2017?

• What level of resistance do you face from your own end users, who see security as an obstruction?

• How do you counter this resistance?

• What are the key elements of your mobile security strategy for 2017?

• What types of investments will you make to fulfill that strategy?

Mobile Security: Preparing for the 2017 Threat Landscape 3

About the ExpertJoining our discussion today, to share the latest insights and case studies on mobile security, is:

Sinisha PatkovicVP Government Solutions,BlackBerry Limited

Patkovic leads a global team with the remit that the BlackBerry security product offering remains relevant to both commercial and public sector organizations’ evolving set of needs. He has been working on secure communications projects with many federal governments and has been actively engaged in the dialog on emerging issues spanning cybersecurity, ecommerce, and privacy.

About BlackBerryBlackBerry secures, connects and mobilizes the enterprise. For today’s enterprise of things, BlackBerry provides devices and a software platform that enables and manages security, mobility and communications between and among hardware, programs, mobile apps and the internet of things. Founded in 1984 and based in Waterloo, Ontario, BlackBerry operates in North America, Europe, Middle East and Africa, Asia Pacific and Latin America. The Company trades under the ticker symbols “BB” on the Toronto Stock Exchange and “BBRY” on the NASDAQ.

For more information, visit www.BlackBerry.com.

Mobile Security: Preparing for the 2017 Threat Landscape 4

About the ModeratorLeading our discussion today is:

Mathew SchwartzExecutive Editor, Information Security Media Group

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday, and European News Coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.

About ISMGInformation Security Media Group (ISMG) is the world’s largest media organization devoted solely to information security and risk management. Each of our 28 media properties provides education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Our annual global Summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.

For more information, visit www.ismgcorp.com.

Mobile Security: Preparing for the 2017 Threat Landscape 5

NOTE: In advance of this event, ISMG’s Mathew Schwartz spoke with BlackBerry’s Sinisha Patkovic about mobile security. Here is an excerpt of that conversation.

Research HighlightsMATHEW SCHWARTZ: BlackBerry recently conducted some mobile security research. What would you say are some of the highlights of this study?

SINISHA PATKOVIC: We do studies as frequently as we can to understand what the market is asking and what new features, new products and areas of innovation we need to work on. We’re currently in a strong innovation cycle, with some of our new products having to do with mobile security and the internet of things, as well as helping enterprises in general do more with less but in a very secure manner.

We’ve found that the threat landscape has been changing over the past few years. Recently, we’ve seen one of those interesting new IoT attacks which essentially bridge the omnipresence of devices connected to the internet. As we have more and more of these devices connected inside and outside the enterprise, getting these comprehensive tools put into place by enterprise IT is more critical than ever. This is pretty much in the center of our interest.

Mobile Security Threats SCHWARTZ: What do you see as some of the top mobile security threats?

PATKOVIC: There is a huge variety of business in the UK, both public and private sector, from small ones with very small IT shops to large ones with sophisticated, layered enterprise IT organizations. And each one deals with mobile security threats differently.

Two things come to mind when we talk to organizations across all sectors. One is that all of them actually have a lot of extremely sensitive information, and they want to do everything in their power to protect them. At the same time, they need to share that data. So, they struggle with the challenge of collaborating effectively while not losing that important control.

Two, organizations have become very conscious of the many computerized and interconnected tools and devices they use,

all of which generate data. These tools and devices can be compromised through vulnerabilities in supply chains or while in operation. Either scenario can take out critical IT systems and put data at risk.

As you can see, there is a desperate need for better, more secure workflows during all of these processes.

CONTEXT

Discussion PointsQ&A with Sinisha Patkovic of BlackBerry on Mobile Security

“[H]ealthcare organizations have become very conscious of the many computerized and interconnected tools and devices they use, all of which generate data.”

Mobile Security: Preparing for the 2017 Threat Landscape 6

User ResistanceSCHWARTZ: How can security leaders overcome this resistance from end users who sometimes see security as an obstruction to them being able to do their jobs?

PATKOVIC: You’ve just asked one of the most fundamental IT security questions. And the answer to it is in the transparency and the ease of use of security. Usability will win over anything that’s thrown at the users. Users, typically, will go with the least resistance, no matter what.

When organizations deploy secure file sharing systems, their employees suddenly start accessing files from their phones, desktops and laptops and share documents with their internal colleagues as well as with their peers at other agencies. And they can do so without fear of losing control. When employees realize they can provision a document for sharing—or revoke that access once it’s no longer needed—with a touch or a flick, they are more effective and productive, and organizations are safer overall.

Mobile Security StrategySCHWARTZ: In today’s landscape, what are the key elements of a mobile security strategy?

PATKOVIC: Organizations want to make sure security is baked in at both the device and application level and layered in throughout. That means they want ease of application deployment, and they want ease of use in both corporate-owned devices, as well as BYOD. They want simplicity and consistency of interface, but most importantly, they want a really high level of security.

One of the biggest trends in today’s landscape, therefore, is supplying easy to use, two-factor authentication over an application container. This means you can bring your own device to the enterprise and have it provisioned on the fly. You can access your corporate apps whether you’re an employee or coming from the outside as a partner. Your apps are pushed

to you on the fly, via two-factor authentication that’s easy to revoke once you no longer need that access. Having that ease of deployment for IT and ease of use for the end user is a win-win strategy.

SCHWARTZ: Talk to me a little bit about BlackBerry. How are you helping your customers respond better to today’s mobile threats?

PATKOVIC: Strategic mobility is the primary theme with our customers today. We’re past the time when MDM or simplistic EMM is sufficient. Shops that just deploy MDM controls see little return on investment because their end users are unhappy with its limited functionality. For instance, if your MDM tooling doesn’t keep work and personal mailboxes segregated, you could lose personal data on doctors’ BYOD devices if you have to remove them or wipe them. Or worse, if your tooling does not allow for work-specific access control, you will have to enforce a lock on the entire device. This causes staff to be unable to respond to personal or other emergencies outside of the organization whenever their phone is locked, and your Help Desk will get swamped with high-priority user calls.

We’ve done a tremendous amount of work on bringing together the most comprehensive portfolio in terms of security and enterprise mobility. It enables our customers to very quickly create a secure, strategically protected mobile environment. We help them devise a strategic path for them to secure their mobile enterprise. We offer a very comprehensive and layered portfolio that encompasses EMM, MDM, file sharing, container systems, and two-factor authentication, all of which can work across all devices in all modes of operation. They need just one tool set to run, subscribe to and administer different sets of controls and strategies to all of their various departments.

And the customers can really go and pick different departments in their organization and deploy different sets of controls and strategies for each with only one tool set —one tool set to run, one tool set to subscribe to, and one tool set to administer.

Since January of 2016, we’ve won contracts with 11 out of 43 U.K. law enforcement agencies both in terms of switching from competitive solutions and in terms of operating their suites with the latest BlackBerry Enterprise Portfolio, which encompass EMM tools, file-sharing and real-time secure chat, among other tools. Our customers realize the opportunity we can provide them and leverage our portfolio to provide their organization with a sustainable mobile strategy that protects against threats and improves productivity for the next several years. n

“Usability will win over anything that’s thrown at the users. Users, typically, will go with the least resistance, no matter what.”

Mobile Security: Preparing for the 2017 Threat Landscape 7

902 Carnegie Center • Princeton, NJ • 08540 • www.ismgcorp.com

About ISMG

Information Security Media Group (ISMG) is the world’s largest media organisation devoted solely to information security and risk management. Each of our 28 media properties provides education, research and news that is

specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Our annual global Summit series connects senior security professionals with industry thought leaders to find

actionable solutions for pressing cybersecurity challenges.

Contact

(800) 944-0401 • sales@ismgcorp.com