Companies Underinvesting in Mobile and Remote Access Security are Creating Costly Exposure to Risk -- Sontiq CTO Darrell Laffoon
By Lane Cooper and Nathan Fisher, BizTechReports
Small or large enterprises that neglect mobile and remote device security in the era -- of the always-connected-workforce and bring-your-own-device to work -- do so at their own peril. More importantly, they are missing out on a huge opportunity to be proactive about potential breaches.
As individuals bring more connected devices into their work environment while increasing the number of days worked from remote locations, many companies may be underinvesting in mobile and remote device security. So says Darrell Laffoon, Chief Technology Officer at Sontiq (www.sontiq.com), a security an identity protection company based in Nottingham, MD.
“A big part of managing security in this new era is being vigilant and constantly looking for ways to mitigate risk. Mobile device protection and remote device protection are two of those areas that are starting to come to the forefront of what companies should be worried about,” he explains.
Full Audio Interview with Darrell Laffoon
In a recent thought leadership interview with BizTechReports, Laffoon discussed the many complexities businesses and individuals face when navigating this space and making decisions about their cybersecurity strategies in 2020.
Cyber Investments Rise...But in the Correct Areas?
The role of information security in both our professional and personal lives has greatly increased over the past decade. The growth of the cybersecurity market alone -- projected to reach $258.99 billion by 2025 according to Allied Market Research -- demonstrates the rapid evolution of the relationship between the individual and their information security strategies.
While this growth in investment is significant, it is barely keeping up with the consequences of the growing number of breaches that are affecting every sector of the economy. According to a recent Ponemon Institute report in 2019, the average lifecycle of a data breach reached 279 days -- an increase from the 266 days in 2018. This is happening as the number of data breaches have also continued to rise -- up 130% since 2006.
“Companies cannot ignore this. Not only do you have the potential cost to clean up and mitigate the breach after it has occurred, but you may have reputational damage that you have to deal with. Depending on the size of your company, you may also be subject to penalties from a legal or compliance standpoint,” says Laffoon.
Overlooked Vulnerabilities
Small or large enterprises that neglect mobile and remote device security in the era -- of the always-connected-workforce and bring-your-own-device to work -- do so at their own peril. More importantly, they are missing out on a huge opportunity to be proactive about potential breaches.
Laffoon sees mobile devices as a powerful early-warning-system for attacks, since that is increasingly where many of the attacks are being targeted. Consequently, businesses that pay attention to this threat vector have a lot to gain by implementing proactive security strategies in that environment.
“Organizations of all sizes have to understand that they are at risk. And as they become more aware -- especially the smaller companies -- will need solutions that are emerging to help them manage and mitigate these risks,” says Laffoon.
This is important since lack of access to security knowledge and expertise about mobile device- and remote access-threats can be an impediment for small companies that want to participate in value-chains that include large organizations.
“In the B2B arena there is a lot more pressure coming from big customers and the larger companies with which they work. It is increasingly understood that a smaller trading partner could be a weakness in their security environment,” he says.
As a result, vendor due diligence between companies is something that is becoming increasingly important.
“At Sontiq, we focus on mobile cybersecurity because we think of that vector as being one of the key ways for bad actors to get to both enterprise data and personal data. We then couple that with identity theft protection solutions that helps mitigate threats for the individual digital footprint and the enterprise by providing comprehensive visibility into the mobile devices that are accessing the network and alerting both the individual and the enterprise of any threats detected that may warrant further action.” says Laffoon.