Cloud Hosting

When University of Torontos Citizen Lab announced the discovery of a new zero-click, zero-day" cyberattack against Apple devices in September, it unleashed a familiar routine.

First, headlines around the world warned of the exploit, which is being used to install Pegasus spyware onto Apple devices. Next, Apple issued emergency patches for Macs, iPads, iPhones, and Apple Watches to close the vulnerability Citizen Lab discovered as well as a second vulnerability uncovered by Apple. And then a third. Now, organizations around the world are waiting for their executives and employees to update devices to limit the security gaps.

Sound familiar? Even in the best-case scenarios, with rapid and efficient response for internal and external teams, there is a period of time when devices are vulnerable.

This time it was Apple; next time it might be Android. These are widely deployed mobile operating systems, and zero-day vulnerabilities are to be expected, which means depending solely on mobile OS vendors for security can leave significant and highly exploitable gaps. Consider the recent number of common vulnerabilities and exposures (CVEs) for mobile OSes during 2022, according to VulnDB:

How long did each of these vulnerabilities remain unpatched on mobile devices connected to your network?

Despite these numbers and the uncertainty they create within your environment, the mobile security picture is far from hopeless if you know how to fill the gaps. For example, BlackBerry UEMcustomers know that their corporate data is secured with patented elliptic curve cryptography, even in BYOD (bring your own device) environments. Using BlackBerry Dynamics, provisioned by BlackBerry UEM (unified endpoint management), lets them remain secure even in the face of zero-day attacks while minimizing exposure from dependence on OS vendor patches.

We think thats one reason BlackBerry was designated as the Gartner Peer Insights 2023 Customers' Choice for unified endpoint management tools.

Over the course of BlackBerrys almost 40-year history, we wrote the book on mobile security. We're still innovating in that space, and today we offer the most highly certified mobile security platform in the world: BlackBerry UEM. Its used by the worlds most security-conscious organizations governments, banks, law firms, and more. These organizations realize that mobile security threats are significant and so is the ability to defend against them.

Mobile malware is on the rise according to recent BlackBerry research. The Quarterly Threat Reporthighlighted that financial services, for example, are facing persistent threats through smartphone-centric commodity malware, ransomware attacks, and the rise of mobile banking malware. And giventhe latest widespread threats targeting popular mobile OS products, it seems like a good time to revisit exactly how BlackBerry protects mobile apps and data.

Lets say an employee uses their mobile device to conduct business in your IT environment. If you depend on your mobile OS security alone, and their mobile device becomes compromised, so does your corporate data, as well as your clients sensitive data.

We've also seen plenty of cases where 2FA (two-factor authentication) on a device is treated as a security plan; there are known vulnerabilities with that strategy as well. For these reasons and more, BlackBerry approaches things differently. We view everything except the BlackBerry UEM secure enclave that protects corporate applications as insecure and potentially a threat.

For example, even if an employee accidentally installs malware on their phone, corporate data housed on that compromised device is still protected because BlackBerry Dynamics containerizes approved apps and their associated data, segmenting them away from other hostile actions that may be taken against the device. In addition, BlackBerry actively defends against common tactics used to exfiltrate data, and MTD (mobile threat defense) is included, backed by BlackBerrys patented AI cybersecurity.

Another stark difference between BlackBerry and other cybersecurity offerings is in the way mobile platforms handle encryption. BlackBerry delivers encryption within encryption, and heres how it works: Every app in BlackBerry Dynamics has its own unique encryption key, held in memory only when that app is in the foreground. When the employee closes out or even minimizes an app, the key is destroyed not merely deleted minimizing the risk of abuse by bad actors. This level of security is not commonplace, but it can mean a world of difference if and when a compromise occurs.

In addition, we encrypt the encryption key. So even if a threat actor obtains that key and wants to compromise corporate apps on the device, they cant access it unless they also have the second key. This is why your data and apps stay protected, even if there is malware running in the background on the mobile device.

Added to this is the fact that BlackBerry Dynamics encrypts the entire secure enclave, so even if someone has a key needed for a certain database, they wont have the encryption key to decrypt it. This is unique to BlackBerry.

This just gives you a small taste of what makes BlackBerry UEM an incredibly secure mobile device platform, and in fact, the most security-certified UEM in the industry. Customers also have full access to our application marketplace, which contains more than 125 trusted apps from the biggest names in employee productivity. We do in-depth analysis on each app offered in our marketplace, including Veracode verification, penetration testing, API (application programming interface) checking, and more.

All of this reflects our history and track record in the industry: BlackBerry pioneered mobile device security and our innovative approach confirms we still do.

Given the increasing demands for remote and mobile access to sensitive and regulated data, the risk to organizations is growing exponentially. It underscores a critical need for us all to include mobile endpoints in our overall cybersecurity strategies because more and more, thats where the data resides.

Learn more about BlackBerry Dynamics and BlackBerry UEM.

Link:
Minimizing Risk Between a Zero-Day Attack and the OS Patch - BlackBerry Blog