Unpacking 5G

By Art King
Published: December 2, 2020

The biggest security threat to your building’s network might be right in front of you: your company-issued, Wi-Fi-connected mobile device.

The threat posed by mobile devices connected to enterprise Wi-Fi is one of the most underrated risks to a company’s in-building network. IT departments may consider the risk to be low, because they’ve installed Enterprise Mobility Management (EMM) software on employees’ mobile devices. But malware can still potentially enter through the mobile device -- for example, through the targeted email attacks known as spear-phishing, or through physical tampering or other methods.

Email attacks are particularly prevalent, and mobile devices are especially at risk. Verizon’s 2020 Data Breach Investigations Report examined 32,002 security incidents from both the public and private sectors. Of those, 3,950 were confirmed data breaches. The report found:

• Where the installation method of the malware was known, 94% arrived through email.
• When attacks come through email, social media, or sites that resemble legitimate web pages, users are significantly more vulnerable when they are on mobile devices, research has shown.
• 3% of incidents are split between espionage and financial motives.

When malware enters through an employee’s mobile device, that device becomes a substantial threat to the enterprise, because it can see every device attached to the network, all the way to the data centers.

IT departments, often pressed for time and resources, may not even have accurate records on what’s installed on all those mobile devices. Do they have the most up-to-date operating systems, with the latest security enhancements? It’s often not clear, when the devices are semi-managed by the device owner and not IT.

The threat posed by a compromised device can vary based on the intention of the people behind it. Compromised devices can be:

• A beachhead for propagation of malware across the enterprise. Malware could spread not only to mobile devices with a similar operating system, but to Windows and other platforms visible from the enterprise network attachment.
• A hidden back door to the enterprise: A mobile device with a high-speed LTE port on a public network, a Wi-Fi port on an enterprise network, and cached credentials are recipe ingredients that a bad actor can leverage to gain extended access to the enterprise.

The risks are growing. They can be costly, too: In the U.S. alone, the cost of lost business after a breach adds up to $3.86 million, according to data compiled by IBM. Further, according to Verizon’s report, 25% of breaches took months or longer to discover.

How can business owners and building operators reduce their risk? By keeping mobiles on a robust in-building cellular network while inside the enterprise premises and using app-based VPN connections to internal and cloud services.

By placing mobiles on in-building cellular networks in combination with app-based VPN -- as opposed to connecting directly to enterprise Wi-Fi -- you’re reducing the attack surface of the enterprise. Using app-based VPN means that the whole enterprise is not visible to the remote device, but just a select server.

An app-based VPN service can keep compromised mobile devices from spreading malware through the enterprise. The VPN creates a point-to-point encrypted path from the mobile device’s local app to the target business platform.

An additional advantage of app-based VPN is it leverages other intrusion detection and prevention services to potentially accelerate the discovery of the malware.

As enterprises evolve their mobile strategies to accommodate the surging number of mobile devices in use by their workforce, they are investing in a “Universal Wireless” strategy where mission-critical LTE coverage throughout the workplace is paired with Wi-Fi coverage. These LTE mobility investments, when combined with app-based VPN , enable Information Security teams to significantly reduce the risk that semi-managed mobiles or tablets present when attached to enterprise Wi-Fi.   

Security isn’t the only benefit of a long-term investment in cellular improvements. A robust in-building LTE network can deliver other benefits, including:

Compatibility with “green” construction. Energy-efficient buildings built to LEED standards pose a challenge for connectivity. The outdoor cell signal weakens significantly when it passes through windows and walls. Bringing cellular connectivity indoors solves that problem.

Performance. Moving mobile devices from Wi-Fi onto LTE can significantly improve performance in environments with high bandwidth demands. Consider hospitals: Guests scrolling through their phones and patients streaming video from their beds are competing with medical professionals for bandwidth. Offloading clinical devices from the Wi-Fi network can enhance performance for these devices in patient care areas.

IT costs. When a company’s mobile devices are connected to enterprise Wi-Fi, as a replacement for LTE service, employees’ service requests can quickly overwhelm an IT department. All dropped calls, authentication problems, connection failures, and device performance issues become the responsibility of IT. Bringing the cellular network indoors reduces IT support costs. It also can result in significant savings in licensing costs, because connecting mobile devices to enterprise Wi-Fi often requires licenses not only for the Wi-Fi service, but also the enterprise firewall and or other operations systems that are licensed via the quantity of attached devices.

Bringing cellular indoors as part of a Universal Wireless strategy carries enormous benefits from security to cost-reduction to increasing employee satisfaction. It’s an investment that pays big dividends. In fact, a recent study of 415 business executives by Deloitte report that 62% of them want to co-adopt 5G and Wi-Fi 6 with that number rising to 93% in three years.

For more on Corning’s enterprise solutions, visit our In-Building Cellular Coverage page.