AGORYUM Babel Business Edition
Mobile Security White Paper

WHAT IS A MOBILE THREAT?

Like viruses and spyware that can infect your PC, there are a variety of security threats that can affect mobile devices. We divide these mobile threats into several categories: application-based threats, web-based threats, network-based threats and physical threats.

Downloadable applications can present many types of security issues for mobile devices. Malicious apps may look fine on a download site, but they are specifically designed to commit fraud. Even some legitimate software can be exploited for fraudulent purposes. Application-based threats generally fit into one or more of the following categories:

Malware is software that performs malicious actions while installed on your phone. Without your knowledge, malware can make charges to your phone bill, send unsolicited messages to your contact list, or give an attacker control over your device.

Spyware is designed to collect or use private data without your knowledge or approval. Data commonly targeted by spyware includes phone call history, text messages, user location, browser history, contact list, email and private photos. This stolen information could be used for identity theft or financial fraud.

Privacy Threats may be caused by applications that are not necessarily malicious but gather or use more sensitive information (e.g. location, contact lists, personally identifiable information) than is necessary to perform their function.

Vulnerable Applications are apps that contain flaws which can be exploited for malicious purposes. Such vulnerabilities allow an attacker to access sensitive information, perform undesirable actions, stop a service from functioning correctly, or download apps to your device without your knowledge.

All of the above-mentioned threats to business mobile security almost always have one thing in common: the HUMAN FACTOR, UNINTENDED HUMAN ERROR.

WHY SHOULD YOUR BUSINESS CARE ABOUT MOBILE SECURITY THREATS?

Cyber-espionage may sound like some strangely exotic activity from the movies. However, the harsh reality is that almost any business can become a target, or can be damaged in the crossfire when cybercriminals launch an attack against another organization. It's largely immaterial whether your business is being directly targeted or just happens to suffer collateral damage as a result of getting caught up in another organization's battle.

Espionage, in one form or another, has existed for as long as any organization or individual has felt that it could gain an advantage by illicitly accessing someone else's confidential information. Everyone's familiar with various nation states' attempts to steal other countries' secrets. Similarly, industrial espionage has also been a feature of business life for a long time. However, recent years have seen a dramatic change in the level and nature of the espionage threats that can affect businesses of all sizes.

Cyber-espionage is conducted through a wide range of methods. Historically, it started off as PC malware grew in volume on the heels of notable events such as the emergence of malware generation kits (allowing those with no programming knowledge to create threats), the release of malware source code (allowing those with minimal programming experience to modify threats), and abuse of popular features, applications or script engines.

Today, in the age of mobility, businesses are making a lot of effort to exploit the advantages of mobile devices. Becoming a mobile enterprise means new opportunities for your organization. Employees are happier and more productive when they have mobile access to their email, apps and data on tablets and smartphones.
Companies running their businesses on mobile workstyle solutions gain competitive advantages and drive top-line growth.

With this in mind, we will see a similar impact on the mobile malware landscape in 2015. Open and commercial mobile malware source code is on the rise, the fruits of which are likely to be harvested in the near future. And it's only a matter of time before mobile malware generation kits take off, lowering the barrier of entry for would-be thieves.

Of course, the conventional spying methods for industrial espionage, which have been known for ages and are still effective, will still be present. We are talking about tapped phones, directional antennas, etc., which we all know from the movies but which are still effectively used in the real world to gain an advantage over the competition.

WHAT IS THERE FOR YOU TO LOSE AND FOR THE PERPETRATORS TO GAIN?

The two main objectives that perpetrators (competition) are after:

The value of corporate information. There are opportunities to gain from extortion and ransom campaigns, as well as from selling stolen data on the black market.

Reputation. Causing reputation damage and disruption to organizations that the competition has issues with. They realize that a leak of confidential information about customers, suppliers or employees could lead to severe embarrassment or significant legal penalties.

The information is where the power lies. When it is stolen, it can effectively neutralize any advantage that might have been gained by the original owner of the data. This typically applies to businesses with intellectual property and commercial secrets that give them a competitive advantage in their field. This information and data is of value to themselves, their customers or their competitors. Even something as simple as a customer database with contact information can easily be valuable to the competition.

Mobile Devices and Industrial Espionage: One Big Threat

Among the threats faced by companies since 2013, vulnerabilities in the software used by the companies surveyed ranked highest. Although the proportion of such incidents has gone down significantly since 2011, from 47% to 39%, it still remains high. Accidental data leaks by employees constitute the second most common internal threat. Incidents of this kind were reported by 32% of respondents. Slightly fewer companies (30%) reported incidents following the loss or theft of mobile devices through the fault of employees. Leaks resulting from the misuse of mobile devices, involving mobile email clients or SMS, were reported by 19% of companies. Remarkably, four out of the five most common internal security incidents reported by companies involved actions by employees using mobile devices.

Incidents involving the misuse of mobile devices, particularly mobile phones, were among the most dangerous threats, both external and internal. The Bring Your Own Device trend, which means that company employees are increasingly using smartphones and tablets at work, has evolved significantly. However, this affects security to such an extent that mobile devices now form a separate class of threats with its own subcategories. Thus, 95% of respondents reported that at least one mobile device-related security incident had been recorded in their company in the past 12 months. In 38% of cases, mobile devices were involved in leaks of important corporate data. About 33% of cases were linked to the theft of mobile phones, which can also lead to data leaks. In 25% of incidents, employees' personal data was leaked; in 22% of cases, a compromised smartphone provided access to other corporate devices.

HOW COSTLY ARE THESE THREATS?

The average typical damage suffered as a result of a cybersecurity incident was 36000 for medium-sized and small companies and 566000 for large organizations. It should be noted that the above calculations took into account the probability of different consequences of an incident taking place; they also included smaller additional costs. At the same time, these estimates did not account for relatively rare consequences of incidents, such as a company being forced to offer a minimal service in the wake of an attack.

The above-mentioned numbers are, of course, not the costs of mobile espionage incidents. But if we take them and compare them with the roughly one third of incidents happening due to misuse of, or an attack on, employees' mobile devices, then we can get a picture of how expensive these incidents are to businesses. It still makes for a big sum of money, not to mention the reputation lost.

IS YOUR COMPANY OR BUSINESS SAFE FROM INDUSTRIAL CYBER ESPIONAGE?

The simple answer is no. A large percentage (85%) of all cyber espionage attacks are on small businesses, which are often directly targeted for the sensitive and valuable information they hold, which consequently can be, and is being, used to help someone stage an attack on larger enterprises.

It's all too easy for medium or small sized businesses to dismiss the potential threats of cyber-espionage and cyberterrorism and mistakenly believe the risks only apply to nation states and large multinationals. This false sense of security can result in businesses taking an overly relaxed attitude to protecting their systems and data, and that can make it even easier for cyber-spies to launch their attacks.

Recently, the attackers have found it increasingly difficult to break into big companies' networks. Instead, they are focusing on the supply chain.
By hacking into smaller companies' networks, the attackers leverage the small companies' knowledge and identities to break into bigger enterprises.

AGORYUM'S BABEL BUSINESS EDITION CONTRIBUTES TO YOUR MOBILE SECURITY

Agoryum's Babel Business Edition protects your company communication on mobile devices and desktop PCs against theft, eavesdropping and message interception. It is a complex solution for mobile and desktop communication privacy which consists of client applications and server modules.

There are several existing applications and solutions available for safe and private mobile communication. A common feature of these applications is that they require the use of a 3rd party server: call it a service provider, a company that runs the servers that enable communication between your devices. Therefore you, as a user, have no control over what is happening with your data. This means that you have to trust those companies that their servers are private, that there are no back doors implemented, that none of the communication is stored on these servers, and that no unauthorized personnel are looking into your data.

This is the crucial difference between other solutions and Agoryum's Babel Business Edition. Agoryum's Babel Business Edition offers you your own in-house encrypted communication channel for both mobile and desktop.

KEY FEATURES OF OUR SOLUTION

Strong Cryptography
BABEL BE uses strong cryptography technology across the system. Each message is encrypted peer to peer and stays encrypted even while stored on the device, using the symmetric algorithm AES with randomly generated keys.

No Digital Certificates
No need to pay for and maintain digital certificates.
Secure administration, distribution and synchronization of cryptographic keys on mobile devices is ensured by the BABEL server, which is connected to your company's directory.

No 3rd Party Servers
Data that is temporarily or long-term stored on 3rd party servers is completely out of your control. Only BABEL allows you to communicate within your environment with no 3rd party involved.

Integration with Existing IT Resources
Direct integration with enterprise directories. The administrator does not need to create new user accounts; those can be transferred and synchronized with your company's directory (AD, LDAP, ...).

User Administration
Your BABEL server maintains a database about users, specifically their contact information: phone numbers and addresses for electronic communication. The BABEL server also stores and synchronizes users' public keys. The web administration console allows you to manage your BABEL server and enables you to react promptly to unusual situations, such as a lost or stolen device or any personnel migration within your organization, and also to block communication from a specific device with other users.

Attachment Encryption
BABEL BE enables you to send encrypted attachments such as photos, documents, videos, etc. These attachments are encrypted with the same level of security as a general message.

SONY PICTURES ENTERTAINMENT HACK

The Sony Pictures Entertainment hack was a release of confidential data belonging to Sony Pictures Entertainment on November 24, 2014. The data included personal information about Sony Pictures employees and their families, e-mails between employees, information about executive salaries at the company, copies of unreleased Sony films, and other information.
The hackers called themselves the "Guardians of Peace" or "GOP" and demanded the cancellation of the planned release of the film The Interview, a comedy about a plot to assassinate North Korean leader Kim Jong-un.

There are two levels of implementation by which Agoryum's Babel Business Edition addresses the Sony Pictures problem:

Preventive use of the BABEL encrypted mobile and desktop communication platform
Aftermath response and crisis management communication platform

Preventing The Hack in the First Place: Use of Agoryum's Babel Business Edition

Using an encrypted mobile and desktop communication platform as a secure solution for in-house communication among Sony Pictures Entertainment employees would prevent any leaks of any of the above-mentioned information. When all of Sony's data was lost, it is the privacy of individual workers and business partners that matters most; the privacy of the enterprise comes hand in hand with the privacy of individuals in and around the enterprise.

Aftermath response and crisis management communication platform

Once a hack occurs and it is known throughout the enterprise, a prompt reaction is required from the management of Sony Pictures Entertainment. As management in Sony Pictures Entertainment is scattered all over the globe, it is hard to connect and facilitate safe communication channels through which leadership can discuss their next moves. In this case, Sony Pictures' weakened defense and low level of preparedness forced the management team to USE FAX MACHINES to communicate.

ANTHEM INSURANCE DATA LEAK/BREACH

Anthem, one of America's largest health insurers, and tens of millions of its customers and employees (ca. 80 million records) have been subjected to a very sophisticated external cyber-attack that resulted in a data breach/leak of their personal information.
The information accessed included names, Social Security numbers, birthdays, addresses, e-mail and employment information, including income data.

Why did this happen, and why was the database not encrypted?

Companies that follow sound security policy often encrypt certain customer data stored on their servers. Encrypting the data makes it more difficult, but not impossible, for hackers to view or sell the information they've stolen. But Anthem didn't follow such guidelines in this regard. Why not?

Under the federal Health Insurance Portability and Accountability Act (HIPAA), health insurance companies are not required to encrypt the data stored on their servers. The HIPAA ruling recommends using encryption if the health insurer believes it's an appropriate measure to mitigate risk. But lacking a specific requirement essentially leaves it up to each company to decide how to protect its data.

A virtual consensus of security experts is that similar attacks will be fairly common now and in the near future, especially as the black market for medical records and other information, including the above-mentioned data stolen from Anthem, is on the rise and the demand for such information is increasing; hence the price of 250 per one medical record, while credit card records are selling for 33 cents.

Health care providers have sharply increased their spending on data security in the last year, but they remain technologically far behind other industries, say experts. To demonstrate it more precisely, here is a quote from Bob Janacek, co-founder and CTO of DataMotion, an email encryption and health information service provider:

"When we go to a health care show and you look at the screens of different systems, it's like we're looking at Windows XP. But you go to a banking show and they're talking about how to slice a billionth of a second off a transaction to get a competitive edge. IT'S JUST COMPLETELY DIFFERENT."

In the new electronic records world, security experts say, the risks of a data breach are found on many fronts. For instance, there are systems and protocols that allow for patient medical records to be encrypted and emailed from one provider to another, but then some doctors are sending clinical records through personal email accounts or using their own smartphones or tablets.

AGORYUM Babel Business Edition
340 Madison Avenue, New York, New York 10173
888 16th Street, Suite 800, Washington, D.C. 20006
Business Development / Account Management
www.agoryum.com/ecm
New York, NY; Washington, D.C.; Chicago, IL; San Francisco, CA

SOURCES

Global Corporate IT Security Risks 2013
Check Point study 2014, http://www.checkpoint.com/capsule
https://www.defcon.org/html/links/dc-archives/dc-18-archive.html#Paget
Kaspersky Cyber Espionage Whitepaper 2013

WHAT MOBILE SECURITY LOOKS LIKE IN ACTION

BABEL ON THE IPHONE
BABEL ON THE ANDROID DEVICE

TAKE A GLANCE AT SECURE MESSAGING ON THE PC

BABEL ON THE PC (WINDOWS)

WHERE PRIVACY IS POSSIBLE