Want to hazard a guess as to how long it would take a hacker to crack the four-digit security PIN on your smartphone? A week? A day? Eight hours? How about 23 seconds? That’s right, 23 seconds is what it takes for a hacker, using open source tools available through the Internet, to crack a four-digit PIN. That disturbing piece of information was brought to my attention by Brian Reed, chief mobility officer of mobile security provider Good Technology. Mr. Reed was speaking at a seminar I attended held by the Cyber Division of the National Defense Industrial Association (NDIA). He referred us to a YouTube video, which illustrates the point.

There was a time when compromising the security of a smartphone would have been more of an irritant than a critical business threat. But that time is well past. In our ever-evolving threat environment, we must pay continuing attention to user behavior patterns among employees. And one obvious trend is the increasing use of smartphones and other mobile devices in the workplace.

According to Gartner, approximately 40 percent of U.S. consumers who work for large enterprises said they use their personally owned smartphone, desktop or laptop daily for some form of work purposes. If anything, that number may be conservative, and is sure to grow. Businesses have learned that the use of personal devices by employees increases both job satisfaction and productivity. Gartner predicts that by 2018 there will be twice as many employee-owned devices used for work as enterprise-owned devices. Along with this explosion of personal devices used in the workplace comes a considerable security challenge.

If someone compromises your phone, the attacker can access all data and network resources available to you. Basically, the attacker can carry out any activity that the user can, which means that users with more access to valuable information are more valuable targets. To guard against this prospect, leading firms are using enterprise mobility management systems to provide greater security and prevent unauthorized access to corporate data.

Workers are demanding, and corporations increasingly are embracing, the ability to use personal devices in the workplace. Balancing the interests of employees with the accompanying security considerations is a growing challenge. Companies must embrace the use of mobile devices while effectively managing the expectations of their employees, providing freedom and flexibility without sacrificing security.  It will take time to work through this challenge, which is likely to be magnified as wearables become more present in the workplace. But when you think about the time that will take, remember this time … 23 seconds.


By Tom Davis, SDI Cyber Risk Practice

SDI #CyberTuesday offers insights and commentary on cyber risk management by SDI’s trusted cybersecurity, privacy and data security experts, skilled practitioners whose decades of experience working for governments and corporations around the world distinguish them as strategists and crisis managers.


June 16, 2015