Mobile Devices Pose New Threat on Government Networks, NATOA Hears
The growing popularity of mobile devices from smartphones to iPads poses a new threat to government networks, with many unprepared, said security experts said at a cybersecurity event Wednesday sponsored by the National Association of Telecommunications Officers and Advisors/NATOA. At risk is the array of sensitive information on the networks, from citizens’ financial data to health records, said CEO Ermis Sfakiyanudis of Cyber Reliant. Ultimately in jeopardy is the “public trust,” he said. “That’s really at the core of what local governments provide.” Many employees unwittingly put the networks at risk, said Sfakiyanudis, whose firm works on information security. Take storing sensitive passwords on smartphones, he said: “How would you like to have someone have access to all [the government’s] bank accounts because of your finance director?”
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Hackers are targeting mobile devices, said Joe Leonard, Presidio vice president-cybersecurity solutions. Leonard said 97 percent of malware being developed operates on the Google Android mobile platform. Google representatives didn’t comment. Internet security firm F-Secure said in a report last year that 252 of 259 new malware threats were on the Android platform (http://bit.ly/ISOcL4). The No. 1 target of malware developers is games, Leonard said. It’s not hard to know why, he said, saying he used to let his teenagers use his tablet. Cybercriminals “know kids use them,” he said. “The tablets get loaded with malware and you bring them into the work environment.”
Users need to pay better attention to what they're doing, said Sfakiyanudis. Notifications pop up asking to be able to access the location of the users, he said. “Most of the time, you go, ‘yeah, yeah.’ You click through.” Unsolicited software updates are accepted without second thought to their sources, said Sfakiyanudis. “The biggest problem you have are your own people,” Leonard said. The threats aren’t going away because mobile devices aren’t going away, Sfakiyanudis and Leonard said. Government workers -- police officers, health inspectors -- legitimately need access to information while on the road, said Leonard. “Employees expect to be able to check email or download a PDF on the road."
Despite the threats, Leonard said he asked leaders of one government to put their mobile devices on the table. “Half of them didn’t have passwords,” he said. Yet they could be left behind in coffee shops or stolen from their cars. At another government entity, the IT manager said passwords weren’t required on mobile devices that had access to government data, said Leonard. “I just looked at them and thought ‘you're going to make the news.'” In another case, a government entity limited the size of files that could be accessed by mobile devices to limit the kinds of information that could be put at risk, said Leonard. That led people to start emailing information to their personal emails, he said. The key is to design systems that will be still be usable for workers, panelists said. “If you have to go in and enter all these codes, they'll go around it,” Leonard said. (kmurakami@warren-news.com)