Researcher decries skills shortage in dealing with mobile threats.
The risks posed by mobile threats are rising, and there is still a shortage of trained information security specialists to deal with the challenge, according to Raul Siles, a security researcher who has earned the GIAC Security Expert (GSE) designation.
Speaking ahead of SANS Gulf Region 2015, a security training
event at which Siles will be leading a course in mobile device security and
ethical hacking, the researcher said that new threats, such as the DarkHotel
targeted attacks and the vulnerability in the WhatsApp web extension, should be
giving security pros pause for thought.
He added that the fact that users are now using personal
devices for work, and vice-versa, is making the problem worse.
"High-profile vulnerabilities, that might even combine both
the traditional and mobile computing worlds like the recent WhatsApp issue, can
serve to highlight what is often an underappreciated threat especially as many
of these devices and apps move between the private and work life," he said.
"This duality of roles forces organisations to think in new
ways to enforce management and security policies on devices that are not
necessarily owned by the organisation."
As mobile devices start to overtake desktop PC's, Siles
suggested that organisations need to take a closer look at the skill sets of info-sec
professionals charged with protecting environments.
"Security training budgets need to reflect the realities of
the modern organisation that is increasingly dependent on mobile devices," he
"Deploying a MDM system is a good first step but it's not an
'install and forget' situation, as the environment is much more complicated
than, say, Windows, OS X or Linux and the threats are evolving fast."
At the SANS Gulf Region event, taking place in Dubai this
October, Siles' course - SEC575: Mobile Device Security and Ethical Hacking -
will teach attendees how to capture and evaluate mobile device network
activity, analyse the strengths and weaknesses of each mobile platform,
disassemble and analyse mobile code, recognise weaknesses in common or custom
mobile applications, and conduct full-scale mobile penetration tests.
The event will see six courses in total being offered, all
with an associated GIAC certification.
[c] 2015 ITP Business Publishing Ltd. All Rights Reserved. Provided by SyndiGate Media Inc. ( Syndigate.info ).