LIVE FROM GSMA MOBILE 360 – PRIVACY & SECURITY, THE HAGUE: “Employees are the weakest link when they should be the first line of defence” for enterprise security, thanks to initiatives like remote working and ‘bring your own device’, said Dr Jessica Barker, an independent cyber security consultant.

At a session titled ‘Protecting Your Data And Your Employees,’ she shared statistics that explain how enterprises are always at risk: for instance, one-fifth of European businesses lost data in 2015, two-thirds of businesses in the UK had an attack last year and a quarter have a breach every month. Despite this, only one in ten organisations have an incident response management plan.

What’s more, she said cyber criminals adapt to changing work patterns, delivering spear phishing attacks at moments such as between meetings and when employees are on the move and likely to be lax.

Although Deloitte said there was a 400 per cent increase in news stories about security in 2015 compared to 2014, the increased awareness has not led to a behavioural change: ‘password1’ is still a popular password, and according to her own research, 70 per cent of respondents didn’t know what two-factor authentication is.

Barker was moderating a panel in which Mark Jenniskens, a management consultant at Strict, said even top executives at firms are often not aware of security and privacy risks and need to be told in business terms they will understand, such as reputation damage and monetary loss.

Empowering employees
As for employees, they need to be empowered by giving them secure access to all the data they need. If there are too many layers of authentication, they will get frustrated and try to go round security measures or use personal email accounts instead, putting businesses at risk.

Rather than restricting choice though, this means staff should be given a wide range of verified apps integrated with the back end of the enterprise that they can choose from.

Mihai Vlad, director of business development at mobile security firm Lookout, echoed this sentiment, saying that “security should be about freedom, not restriction”.

His concern was that users simply do not see smartphones as an “attack surface” and said his firm wants to revolutionise security just as Nest revolutionised the fire alarm by giving it an updated design and improving the user experience.

Vlad also said threats need to be explained, and that his firm has converted its own app’s privacy policy into a visual form that is easier to digest. This is an open source project that he encouraged other businesses to adopt.

He added that the scale of the problem when it comes to mobile security is ten times, if not 100 times, bigger than on the PC and thus needs to be tackled by thinking differently.

One way is to “play the big data game against the attackers”.

He said that since attackers are human, they can be outsmarted by predicting whether an app will become malicious, using patterns that can be seen through analysing big data.