Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementCyber Tactics ColumnSecurity Enterprise ServicesSecurity Leadership and ManagementSecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Cyber Tactics

Better Mobile Security with a Mobile Threat Defense Plan

What is a Mobile Threat Defense (MTD) and do you have one?

By John McClurg
SEC0320-cyber-feat-slide1_900px.jpg
SEC0320-cyber-slide2_900px.jpg
SEC0320-cyber-feat-slide1_900px.jpg
SEC0320-cyber-slide2_900px.jpg
March 1, 2020

Although I wasn’t exactly surprised by the alleged Saudi hack of Amazon CEO Jeff Bezos, it’s unusual that one of my annual New Year’s prognostications is so quickly proven accurate. On January 1, I wrote that mobile threat detection and response would become a major concern for organizations in 2020, expanding upon BlackBerry Cylance research that found state-sponsored APT groups exploiting mobile devices with impunity to surveil foreign individuals of interest. Of course, I had little idea then that such a high-profile figure would be among those individuals impacted, nor that Saudi Arabia, a U.S. ally unnamed in the BlackBerry report, would sit at the center of the burgeoning controversy.

The cyberattack against Bezos is a malicious (and digital) case of the classic steganography in which a message is concealed within another communication. In this case, Saudi Crown Prince Mohammed bin Salman is alleged to have sent Bezos a seemingly innocuous WhatsApp video concealing mobile spyware. Almost immediately, data egress from Bezos’ phone increased by nearly 30,000 percent and spiked over the following months to rates as high as 100 million percent of the pre-video baseline. Although speculation that the Saudis leaked damaging information to The National Enquirer appears incorrect, Bezos would be an obvious target for Saudi cyber groups because of the Washington Post’s support for murdered Saudi journalist Jamal Khashoggi. And regardless of actual damage, the incident provides a chilling reminder of the danger potentially posed by nation-state actors.

Gartner estimates that today, just 30 percent of organizations have Mobile Threat Defense (MTD) in place, and so, it’s naïve to think that Bezos is the only well-known individual that has been or will be successfully targeted by mobile malware attacks. It’s past time, then, that organizations, public and private, invest significantly in mobile threat detection and response. What should this investment look like?

  1. Integrated defense.
    1. Built-in capabilities so that end users are not required to install or manage third-party applications/certifications.
    2. Works with Bring Your Own Device (BYOD) and company endpoints.
    3. Central management for consistent and continuous protection.
  2. Automated and continuous monitoring.
    1. Continuous monitoring means anomalies are detected immediately and raised for remediation. For example, spiking data egress rates would quickly raise an alarm.
    2. Proactive identification of security vulnerabilities through monitoring of OS updates, system parameters, device configurations and system libraries.
  3. AI-driven detection and remediation.
    1. AI identifies and blocks both known and unknown malware from running on mobile endpoints and from within applications.

 Whether Saudi Arabia is responsible for the Bezos hack or not – and it should be noted some questions remain unanswered – the scenario is a potent reminder of the dangers associated with mobile devices. While we often treat mobile as ancillary to cybersecurity strategies, it should really sit at the core of a holistic defense. Unless this is both understood and acted upon, Bezos isn’t likely the first public victim of mobile malware, nor will he be the last.

KEYWORDS: Chief Information Security Officer (CISO) cyber security cybersecurity Information Tachnology security threat intelligence

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

John mcclurg

John McClurg served as Sr. Vice President, CISO and Ambassador-At-Large in BlackBerry's/Cylance’s Office of Security & Trust. McClurg previously was CSO at Dell; Vice President of Global Security at Honeywell International, Lucent Technologies/Bell Laboratories; and in the U.S. Intelligence Community, as a twice-decorated member of the Federal Bureau of Investigation.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Cyber tactics

    2023: The year for contextual cyber threat intelligence

    See More
  • cyber security

    Reflections on 35 years in the trenches

    See More
  • Cyber

    Have we declared “open season” on CISOs?

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing