Mobile Security a Top Priority for CISOs, IBM Finds

October 29, 2013 Alex Woodie

An IBM survey of chief information security officers found that mobile security is the top initiative at the moment, with 25 percent of CISOs having deployed some mobile security solutions in the last year. IBM also rolled out a new security service, based in part on partner Akamai‘s technology, that’s aimed at dealing with distributed denial of service (DDOS) attacks.

While mobile security may be on the minds of CISOs, there’s still a lot to be done. According to IBM’s survey, less than 40 percent of organizations have security policies in place to deal with the bring your own device (BYOD) phenomenon. That is a real concern, especially as cyber criminals get more sophisticated in their use of technology to steal data and otherwise exploit the computer systems of victims.

In the recent mid-year X-Force threat report, IBM’s security experts identified Android devices as particularly vulnerable. While the latest Android OS version 4.2 upgrade offers some protection against malware, only 6 percent of the Android community is using this latest release, IBM says in its September report. That leaves most Android users vulnerable to increasingly sophisticated malware, such as Chui, one of the more successful malware packages in circulation today.

CISOs have their work cut out for them, as they attempt to strike the right balance between dealing with technology-oriented threats, like Chui, while satisfying the other demands of their jobs. These other demands including things like shaping an overall security and risk management strategy, dealing with budgetary issues, and communicating with fellow C-level executives, the board, and law enforcement.

“It’s evident in this study that security leaders need to focus on finding the delicate balance between developing a strong, holistic security and risk management strategy, while implementing more advanced and strategic capabilities such as robust mobile security that includes policies for BYOD,” said David Jarvis, co-author of the report and manager at the IBM Center for Applied Insights.

The cloud figures to play heavily in CISO’s strategies. According to IBM’s study, more than three-quarters of security leaders have deployed some type of cloud security services. The most popular cloud security service is data monitoring and audit, followed by federated identity and access management.

IBM unveiled a new cloud-based offering last week aimed at dealing with DDoS attacks. DDoS attacks are on the rise, according to IBM, but many firms are unable to effectively deal with them due to the lack of on-site expertise and skills sets. The average large company deals with 1,400 cyber attacks every week, according to IBM, with DDoS attacks among them.

Who better to deal with DDoS attacks than Akamai, the website services firm that basically operates a secondary, private network that ensures many of the largest Web properties can scale to meet demand. As part of the DDoS offering solution, IBM will integrate Akamai’s Web security solution “Kona Site Defender” with IBM’s Cloud Security Services portfolio.

“DDoS mitigation and prevention can be incredibly complex and resource intensive,” says Ronni Zehavi, senior vice president and general manager of the Security Division at Akamai. “Together, IBM and Akamai can offer the right mix of technology and expertise to give our customers the peace of mind that their DDoS mitigation efforts are in the right hands.”