Printer Friendly

Researcher decries skills shortage in dealing with mobile threats.

The risks posed by mobile threats are rising, and there is still a shortage of trained information security specialists to deal with the challenge, according to Raul Siles, a security researcher who has earned the GIAC Security Expert (GSE) designation.

Speaking ahead of SANS Gulf Region 2015, a security training

event at which Siles will be leading a course in mobile device security and

ethical hacking, the researcher said that new threats, such as the DarkHotel

targeted attacks and the vulnerability in the WhatsApp web extension, should be

giving security pros pause for thought.

He added that the fact that users are now using personal

devices for work, and vice-versa, is making the problem worse.

"High-profile vulnerabilities, that might even combine both

the traditional and mobile computing worlds like the recent WhatsApp issue, can

serve to highlight what is often an underappreciated threat especially as many

of these devices and apps move between the private and work life," he said.

"This duality of roles forces organisations to think in new

ways to enforce management and security policies on devices that are not

necessarily owned by the organisation."

As mobile devices start to overtake desktop PC's, Siles

suggested that organisations need to take a closer look at the skill sets of info-sec

professionals charged with protecting environments.

"Security training budgets need to reflect the realities of

the modern organisation that is increasingly dependent on mobile devices," he

said.

"Deploying a MDM system is a good first step but it's not an

'install and forget' situation, as the environment is much more complicated

than, say, Windows, OS X or Linux and the threats are evolving fast."

At the SANS Gulf Region event, taking place in Dubai this

October, Siles' course - SEC575: Mobile Device Security and Ethical Hacking -

will teach attendees how to capture and evaluate mobile device network

activity, analyse the strengths and weaknesses of each mobile platform,

disassemble and analyse mobile code, recognise weaknesses in common or custom

mobile applications, and conduct full-scale mobile penetration tests.

The event will see six courses in total being offered, all

with an associated GIAC certification.

[c] 2015 ITP Business Publishing Ltd. All Rights Reserved. Provided by SyndiGate Media Inc. ( Syndigate.info ).

COPYRIGHT 2015 SyndiGate Media Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2015 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Publication:ITP.net
Date:Sep 17, 2015
Words:367
Previous Article:Increasing the smartness of smart government.
Next Article:Facebook users express 'dislike' of Facebook's 'Dislike' plans.

Terms of use | Privacy policy | Copyright © 2020 Farlex, Inc. | Feedback | For webmasters