4. Before we begin… Who is this guy?
• Information Cyber Security for > 15 years
• Consultancy – 1997 – 2005
• Research – 2005 – 2011
• Symantec / BlackBerry
• Research / Consultancy – 2012
• Recx / NCC Group
5. What you are led to believe
•Mobile is as insecure as the desktop
•BYOD is insecure
•Malware is rampant
•Mobile security needs augmenting
8. Mobile is as insecure as the desktop
•Incentivised
•Defence in depth
•App stores
•Ubiquitous sandboxes
•Security policy APIs
•Vendors adopting SDLs
9. BYOD is insecure
•BYOD is CHALLENGING
•Extending your security perimeter
•Loosening your control (potentially)
•Mixed domain devices
•Policies
10. Malware is rampant
•Malware is present NOT rampant
•Trojans (re-packaged apps)
•Trojans (unique appealing apps)
•App store revocation
•People using third party app stores
12. Mobile security needs augmenting
•Platforms have rich security stories
•Samsung KNOX
•BlackBerry Balance
•MDM APIs / Policies ..
•Some augmentation may be needed
  •on iOS
•On device AV is not one of them
14. SDLs cost
•Vendors don’t have
  •limitless funds
  •limitless people
  •limitless time
•Market driven by features
  •not secure code
•Skills in short supply
•Not evenly deployed
15. Vulnerability v patching frequency
•No monthly patch Tuesday
•Carrier certification
  •desire
  •capacity
•Vendors
  •desire
  •capacity
16. Vulnerability v patching frequency
•Handset cycle 12 to 36 months
•HTC 10 Android models
•ZTE 18 Android models
•Samsung 12 Android models
•Apple 1 iPhone model
•BlackBerry 3 BB10 models
•Sustainment costs huge..
25. UK Offices
Manchester - Head Office
Cheltenham
Edinburgh
Leatherhead
London
Thame
North American Offices
San Francisco
Atlanta
New York
Seattle
Australian Offices
Sydney
European Offices
Amsterdam - Netherlands
Munich - Germany
Zurich - Switzerland
Ollie Whitehouse
ollie.whitehouse@nccgroup.com