A series of disclosures involving stolen security tools and top-secret operational methods used by the National Security Agency has enterprise security firms on high alert.
A "zero day" attack against a major mobile device platform is likely imminent now that the Shadow Brokers organization – the mysterious group behind the NSA's security woes – has released information about the Windows and Linux operating systems, according to Andrew Howard of Kudelski Security.
Howard has urged enterprises to develop an overall strategy around mobile device patching and testing, particularly for devices that aren't company-owned.
"The Shadow Brokers situation is a good reminder that networks and organizations aren't just attacked via phishing," said Howard, who is CTO at the Phoenix, Ariz. solution provider.
The New York Times reported Sunday that the Shadow Brokers disclosures, which began in August 2016, have called into question the NSA's ability to protect potent cyberweapons. Officials still do not know whether the NSA is the victim of a hack likely executed by the Russians, an insider’s leak, or both, according to The Times.
Organizations should never allow personally-owned devices to attach carte blanche to the company's secure wireless network, according to Michael Knight of Encore Technology Group.
The best thing end users can do to protect their information in a BYOD-centric environment is adopt web-based solutions so that there's never data residing on the devices themselves, said Knight, president and CTO of the Greenville, S.C.-based solution provider.
If the data needs to reside on the device, Knight said end users should pay close attention to how the apps are being deployed and use techniques such as geofencing to ensure the sanctity of their data. All told, Knight said the client's strategy should be centered around ensuring the sensitive data is not accessible once the user is no longer on the company-owned network.
The vulnerability patching cycle is problematic for many organizations since it is disruptive to the IT department, according to Sam Curry, chief security officer at Boston-based Cybereason. Organizations typically find that more patching adds complexity and has a negative impact on their service levels, contracts and customer satisfaction measurements, Curry said.
"The voice of risk is not felt strongly enough in most corporations, which is coming from the security department," Curry said. "It is the guys who cry wolf."
As the Shadow Brokers breach reveals more data, tools and methodologies used by the NSA, the likelihood of zero day threats increases, Howard said. Companies with slower patching cycles face more risk, but Howard added that patching with minimal or insufficient testing also puts business operations at high risk.