Summary: Proactive planning, understanding the NIS2 directive and fostering a strong mobile security culture are all crucial to meeting the evolving challenge of today’s cyber threats.
Key takeaways
1. Proactive compliance and simplification. Compliance with new regulations, such as NIS2, requires proactive planning. Richard Browne of the NCSC highlighted the shift in responsibility to management boards and the need for a streamlined, high-level approach to compliance.
2. Integration of MDM and MTD for mobile security. Tom Davison of Lookout emphasised the necessity of integrating mobile device management (MDM) with mobile threat detection (MTD) solutions as a managed service to safeguard mobile devices effectively. This comprehensive approach is crucial to maintaining resilience and providing organisations with the necessary visibility and control over mobile threats.
3. Building a culture of security awareness. Training and empowering employees is essential to creating a resilient organisation. By shifting the perception of employees from potential risks to active defenders, organisations can strengthen their defence against emerging threats.
Proactive planning, understanding the NIS2 directive and fostering a strong mobile security culture are all crucial to meeting the evolving challenge of today’s cyber threats.
That was the message from the Vodafone Mobile Cybersecurity Connect event held in Sandyford, Dublin, on October 9th. Bringing together industry experts and public sector advisors, as well as Vodafone executives and partners, this latest in an ongoing series of events aimed to provide practical advice to those charged with keeping their organisations safe from the threat of cybercrime.
Speaking to a packed auditorium, Gerard Lawlor, Head of Public Sector for Vodafone Business, launched the event by reiterating the company’s commitment to its role as a trusted advisor on the thorniest issues around cybersecurity. This was quickly followed by a panel discussion led by Edel Briody, Head of Corporate Security, Risk and Compliance at Vodafone Ireland.
Getting things rolling, she discussed the need for public sector bodies and businesses alike to adapt quickly to regulatory changes and implement effective controls to build trust and maintain service reliability.
New regulations, new responsibilities
Richard Browne, Director of the National Cyber Security Centre (NCSC), provided insights into the evolution of European cybersecurity regulations, particularly the shift from NIS1 to NIS2. He explained how NIS2 broadens the scope of compliance to include more sectors and public bodies, making it essential for organisations to adapt quickly.
Browne noted the NCSC is currently dealing with between three and four thousand reported cybersecurity incidents a year, a figure he expects to see rise to 20,000 or 30,000 this year and next, as a consequence of more types of incidents becoming reportable under NIS2 by a larger number of organisations.
“The European Union has expanded its efforts to strengthen resilience across critical infrastructure. NIS2 brings government departments and a broader range of industries under its umbrella, meaning all essential services will need to adhere to more rigorous standards,” he said.
“This will bring with it a significant change in the pace and tempo of reporting by bodies into the NCSC. You will be reporting on a regular basis whether you like it or not, and it’ll essentially have to be automated. If you don’t, that will attract a fine.”
He further detailed the NCSC’s approach, stating that in the face of these increased reporting requirements, it would focus on auditing and enforcing compliance rather than micromanaging entities. “We will be issuing frameworks for organisations to follow, but it’s on the boards and management teams to ensure adherence.”
Simplicity and accessibility in security measures
Andrzej Kawalec, Head of Cybersecurity Portfolio at Vodafone Business, spoke next, addressing the challenges organisations face in implementing regulatory frameworks. He emphasised the importance of simplifying security measures to make compliance more accessible.
“Many organisations are still in the early stages of developing their cybersecurity plans. Our goal is to simplify security processes, ensuring that all businesses from large corporations to SMEs understand and adopt the necessary measures,” he said.
“If there is a fire in your building, everyone likely feels empowered to trigger the fire alarm. But when it comes to cybersecurity, most employees don’t feel similarly empowered to break the metaphorical glass. Many wouldn’t know whether to pick up their laptop, to log on or to not log on? How do they set the alarm off and what should they do?”
Engaging with the new reporting requirements of NIS2 will help create a new sense of empowerment for such organisations. “That’s a resilience question and getting this right has to be our goal,” he said.
For businesses yet to engage in this process, Kawalec used a compelling analogy to describe the complexity they face and how they can solve it. He compared the process to learning to ride a bicycle. “It helps a lot when you start out riding a bike to have a steadying hand to guide you for a while, until you gather enough momentum to keep going on your own.”
“That’s our role, to be that steadying hand. It’s about providing the right tools and support so that organisations feel confident and capable of maintaining their cybersecurity posture,” he said.
Integrating mobile device management and threat detection
Tom Davison, Senior Director of Sales Engineering with Vodafone partner Lookout, expanded the discussion by focusing on the crucial role of mobile security in corporate environments. He highlighted that mobile devices, often underestimated in terms of security risks, have become essential tools in accessing corporate networks and sensitive data.
“There’s been a misconception that mobile devices are less vulnerable. In reality, they are now the primary gateway to corporate systems, making them a significant target for cyber criminals,” Davison explained. He stressed the need for organisations to go beyond traditional mobile device management (MDM) and incorporate mobile threat detection (MTD) tools as part of a comprehensive managed service.
“MDM alone manages devices, but it doesn’t secure them fully. It’s like having a lock on your door without any monitoring or alarms. By combining MDM with MTD, organisations can monitor threats like phishing, malicious apps and compromised networks, ensuring a proactive defence strategy,” he said.
Davison also emphasised that a managed service approach provides the visibility and control needed to respond to mobile threats effectively, integrating with other security measures for maximum protection.
Incorporating training and awareness
“Training and empowering employees are crucial,” said Edel Briody. “We must move away from viewing staff as the weakest link and instead recognize them as key assets in our defence strategy.”
The Vodafone Mobile Cybersecurity Compliance event underscored the critical need for businesses to stay ahead of regulatory requirements while building comprehensive security plans. Through expert presentations and hands-on sessions, attendees gained practical insights into improving resilience and adapting to the ever-changing threat landscape.
Closing the event, Amanda Nelson, chief executive officer of Vodafone Ireland, reiterated the company’s commitment to serving as trusted partners to business and public sector bodies in need of guidance and support in a challenging time.
“It’s really important to me that we have real answers for people in real world situations, based on our global experience and up to date knowledge. We really do see this as a hand-in-hand relationship with our customers, and our role is to protect them,” she said.
“We want to be able to offer fresh thinking and fresh ideas, and the ability to combine our experience makes us all sharper and stronger. We don’t just advise others on how best to secure their assets; telecommunications infrastructure is a very significant target, so cyber security is a real and daily concern for us. It’s never off my risk radar.”