By: Brian Egenrieder, CRO, SyncDog
Over the last couple of years, there has been an increasing number of serious incidents regarding iOS’s failure to meet its reputation as highly secure. These incidents include the Checkm8 exploit and the bug-filled rollout of iOS 13 in the fall of 2019. Most recently, Unc0ver, a hacker group, unleashed a tool to the public that can jailbreak iOS versions 11 to 13.5, and it was done without notifying Apple of the vulnerability first.
This flaw has been equated to a zero day vulnerability. These are security flaws in software for which the vendor does not have a patch ready to fix it. Unc0ver’s jailbreak was released on May 24 and Apple released a patch for it on June 1.
Here is why the week-long window of the iOS zero day vulnerability is so significant:
Apple’s brand reputation is staked on iOS’s strong security compared to other market options for tech. The past year has proven to consumers that they cannot trust a smart device’s innate operating system for adequate data protection. More so, companies whose employees use iPhones to conduct work need to have those devices furnished with extra security measures.
From an enterprise perspective, whether an employer-provided device or BYOD environment, the IT team must have the opportunity to implement additional means of protection such as Secure.Systems, which is an encrypted container. It is simply irresponsible, and non-compliant with certain government regulations, to leave sensitive information’s safety up to chance. As they say, it’s not a matter of if, but when your company will experience a cybersecurity attack.
Potential Reputation Damage
Again, whether your iPhone is used for personal or professional purposes, this zero day vulnerability opened the door for attacks like malware and ransomware. Beyond exposing sensitive company data and customers’ PII, attacks cause brand reputation damage. So an investment in additional mobile security measures is not only an investment in the protection of data but also the protection of your business.
For advice on how to best protect your corporate data on employees’ devices, without providing them with a poor user experience, check out our blog on leveraging “dual personas” on the devices.