“We look at mobile device security first.”
Mitch Parker is Executive Director of Information Security and Compliance at Indiana University Health.
"We’ve seen the patterns shift from almost entirely desktop a few years ago to mobile devices. And employees are even using mobile devices now while they are sitting at their desk," he says.
This massive shift to mobile devices and the apps that power them led NIST to update its best practice guidelines around mobile app security.
That leads to a couple of important questions: How should you vet and test the security of mobile apps your employees are using? And what are the top mobile app cyber threats right now?
NIST update on mobile app security
NIST's update on Vetting the Security of Mobile Applications highlights 11 threats against mobile apps:
1. Ransomware
2. Spyware
3. Adware
4. Rooting
5. Trojan Horse
6. Infostealer
7. Hostile Downloader
8. SMS Fraud
9. Call Fraud
10. Man in the Middle (MITM) Attack
11. Toll Fraud
The NIST update also reviews the latest in Android app vulnerability types and iOS app vulnerability types.
NIST best practices on mobile app security
Most importantly, the NIST guidelines on Vetting Mobile Application Security cover the following:
app security requirements, the app vetting process, app testing and vulnerability classifiers, app vetting considerations, and app vetting systems.
The influence of NIST (National Institute of Standards and Technology) on cybersecurity best practices continues to grow. The NIST Cybersecurity Framework recently turned five years old and has been downloaded more than 250,000 times.
UMass CISO Larry Wilson leads a course on the NIST framework at each regional SecureWorld conference.
He tells us there are two major reasons for the success of the NIST Cybersecurity Framework.
"It's a living document that is meant to be updated as things change. And I'm also a huge fan of the framework because it maps to an attack in a number of ways. That proves extremely valuable."