Researcher decries skills shortage in dealing with mobile threats
New threats targeted at mobile should be giving security pros pause for thought, says Raul Siles
The risks posed by mobile threats are rising, and there is still a shortage of trained information security specialists to deal with the challenge, according to Raul Siles, a security researcher who has earned the GIAC Security Expert (GSE) designation.
Speaking ahead of SANS Gulf Region 2015, a security training event at which Siles will be leading a course in mobile device security and ethical hacking, the researcher said that new threats, such as the DarkHotel targeted attacks and the vulnerability in the WhatsApp web extension, should be giving security pros pause for thought.
He added that the fact that users are now using personal devices for work, and vice versa, is making the problem worse.
"High-profile vulnerabilities, that might even combine both the traditional and mobile computing worlds like the recent WhatsApp issue, can serve to highlight what is often an underappreciated threat especially as many of these devices and apps move between the private and work life," he said.
"This duality of roles forces organisations to think in new ways to enforce management and security policies on devices that are not necessarily owned by the organisation."
As mobile devices start to overtake desktop PCs, Siles suggested that organisations need to take a closer look at the skill sets of info-sec professionals charged with protecting environments.
"Security training budgets need to reflect the realities of the modern organisation that is increasingly dependent on mobile devices," he said.
"Deploying an MDM system is a good first step but it's not an 'install and forget' situation, as the environment is much more complicated than, say, Windows, OS X or Linux and the threats are evolving fast."
At the SANS Gulf Region event, taking place in Dubai this October, Siles' course - SEC575: Mobile Device Security and Ethical Hacking - will teach attendees how to capture and evaluate mobile device network activity, analyse the strengths and weaknesses of each mobile platform, disassemble and analyse mobile code, recognise weaknesses in common or custom mobile applications, and conduct full-scale mobile penetration tests.
The event will see six courses in total being offered, all with an associated GIAC certification.