Mobility and WiFi networks are the new front line for cyber security

The insecurity of mobile devices and the vulnerabilities of public WiFi networks remain at an all-time high, so these days, it’s not uncommon to hear cyber security experts talk about the eroding perimeter. With the advent of mobile and cloud, what was (or at least seemed to be) a clearly defined segregation point between the private corporate network and public internet has virtually dissolved into thin air, giving IT departments much more to worry about than shrinking budgets and shadow IT. Among the many issues IT security administrators, managers and CTO’s  have to manage is the growing demand from employees to use their personal devices for work. After all, the mobile is quickly becoming the primary mode of digital activity in cities around the globe. And while that does include bringing personal mobile devices and tablets to the office, more often it means employees are connecting to the corporate network remotely from a  public Wi-Fi connection, like from an airport or a coffee shop. In fact, Strategy Analytics estimates that by 2020, roughly 42% of the global workforce – or around 1.75 billion people – will be mobile.

No ‘cure-all’ with WiFi and cyber security

Unfortunately for those IT admins and CTO’s, the insecurity of mobile devices and the vulnerabilities of public Wi-Fi networks remain at an all-time high. The development of key reinstallation attacks (KRACKs) to exploit vulnerabilities in modern Wi-Fi networks’ most common security protocol (WPA2) is just the latest example of public Wi-Fi insecurity.

Even with WPA3, the new Wi-Fi security protocol announced by the Wi-Fi Alliance, on the horizon, there’s reason not to hold our collective breath that it will be the cure-all we’re hoping for. As the first notable update to WPA2 in more than a decade, WPA3 is an important step toward giving businesses and individuals peace of mind. With developments like 192-bit encryption and the promise of ways to better lock down IoT devices, WPA3 will noticeably raise the bar. But, this new standard only improves security at the Wi-Fi access router point. Once mobile traffic is placed onto the internet via a rapidly-growing public Wi-Fi footprint, unless it is adequately encrypted, it remains vulnerable to a plethora of exploits. These include anything from man-in-the-middle attacks aimed at eavesdropping or the interception of sensitive information, such as logins and passwords to crypto-mining for digital currency by leveraging the device’s electricity and processing power. As mobile adoption, and public Wi-Fi access, maintain their rapid pace of expansion, bad actors will continue to seek ways to evolve their own tactics. And, it almost goes without saying, all the security protocols in the world won’t solve for enterprises’ weakest link: their own employees.

…Except, perhaps, the network itself

To solve this complex equation, businesses need a solution that enables remote users to securely connect to internet and private network resources without introducing cyber risks associated with using personal devices and unsecured Wi-Fi. What’s more, they need a solution that can do this without hindering performance or flexibility. It’s a tall order, I know. But networks can do this today. By offering secure, remote VPN access to corporate networks through IPSec or SSL-based internet connections, network-based secure mobility solutions, in conjunction with security controls that are built into the network itself, can provide enterprises with end-to-end encryption and tunnelling, and advanced threat detection. In other words, the employee signing on from a tablet while waiting for a train at Kings Cross St. Pancras station will experience the same centralised authentication, user role-mapping, resource policies and sign-in policies as at the branch office in Glasgow. The fact is, mobility is the new front line for security as businesses weigh the advantages of an increasingly mobile workforce against the need to protect sensitive information in today’s complex cyber security landscape. But the onus of protecting the endpoint should not be burdened by the endpoint entirely by itself. Financial Firms’ need to be confident their employees’ connections are secure, regardless of connection type or device. The ongoing evolution of Wi-Fi will bring us closer to this goal, but it’s the network that can adapt and solve for the increasingly hazy security perimeter.

For further advice and assistance about WiFi & internet security and Mobile Device Management, contact  Storm IT Financial and find out more information on Hedge Fund, Asset Management, Private Equity & Alternative Investment disaster recovery, back up, cyber security & firewall solutions, security education seminars, regulatory & Compliant Solutions data storage, helpdesk support, cloud & IT Services.

Storm IT Financial FinTech News & Trends picks: Week 12th Mar – 16th Mar 2018

Cyber Readiness Report a Reminder of Financial Services Firms’ Complex Security Needs

The need for financial institutions to be prepared against cyberattacks is doubly pressing this year, following a raft of new regulations…:

http://www.itsecurityguru.org/2018/02/06/cyber-readiness-report-reminder-financial-services-firms-complex-security-needs/

The Hiscox Cyber Readiness Report 2018

How ready is your business when it comes to the cyber threat?:

https://www.hiscox.co.uk/cyberreadiness#

Outgoing FCA chair warns on cryptocurrency and Brexit

John Griffiths-Jones used last speech as chairman of FCA to warn over the dangers of cryptocurrencies, outlined the regulator’s role in…:

https://international-adviser.com/outgoing-fca-chair-warns-cryptocurrency-brexit/

The Market Practitioner’s MiFID II Calendar for 2018

Firms must look at “people, processes and technology” to make sure that trading, regulatory and firm data is consistent across enterprise systems:

http://tabbforum.com/channels/regulatory/opinions/the-market-practitioners-mifid-ii-calendar-for-2018

JPMorgan claims AI funds played ‘major role’ in market sell-off

Analysts at the US bank think 12 funds played a part in the market volatility last month:

https://www.fnlondon.com/articles/jpmorgan-claims-ai-hedge-funds-played-major-role-in-february-volatility-20180312

GDPR Compliance: A Carrot or Stick Approach?

There’s Little Value in Heading Down the GDPR Path Simply to Avoid Being Hit With Penalties:

https://www.securityweek.com/gdpr-compliance-carrot-or-stick-approach

Diary of a digital investor: how robos fared during volatility

It seems that there was a common thread during the volatility: ‘keep calm and carry on’ was the cliché of the day from all my robo advisers:

http://bit.ly/2Gyz1GP

Why technology is now more important than capital

How you leverage technology is even more important to success than your ability to access capital:

https://tgam.ca/2oUIsaT

Regulatory platform adds 15 million KIDs

A recently launched data exchange has added 1m KIDs (key information documents) a week since new rules…:

http://bit.ly/2FVKPFb

Can banks be a threat to Big Tech?

BBVA Solution Head, shares his take on who will corner banking business in the future: Banks or Big Tech?:

http://bit.ly/2pkao8n

Bank of Amazon could woo 70 million US customers within five years

estimates that a banking service from Amazon could swell to than 70M+ US customer accounts within 5 yrs…:

http://bit.ly/2IvNcgc

Banking jobs that will and won’t see you through to 2028 with IT making up a huge portion of safe roles

If you want to do any old job in finance and make a long career out of it, then you should work in technology…:

http://bit.ly/2FD2hip