Leading analyst firm International Data Corporation (IDC) recently released a report showing two trends are increasing the risk of smartphone cyberattacks. First, Q1 2013 smartphone sales finally surpassed regular feature phone sales. Second, total smartphone sales increased 41.6 percent. So why does this increase the smartphone threat level?
Cybercriminals have always been attracted to the most popular platforms. The first widespread PC viruses were on the early Apple platforms, such as Apple II and Apple IIc. However, the threat shifted to the IBM PC the same year that IBM sales surpassed Apple PC sales. Web browser threats followed the same pattern as they often exploited Internet Explorer until Firefox and Chrome became widely used alternatives. Today, even Safari is at risk, but mainly due to cyberthreats that exploit Java and other popular common components.
Nevertheless, today's cyberattacks have a wide variety of objectives. They are not all focused on a single smartphone platform. For example, while IDC reports only a 17.3 percent overall market share for the iPhone, it is still very popular in many sectors of business making it a primary conduit to reach victims. Conversely, cybercriminals looking to attack a broader audience will likely target Android-based devices.
IDC also recently conducted the 2013 U.S. Mobile Security Survey where they interviewed 200 IT decision-makers to gauge their stance on personal mobile devices (PMDs) in the enterprise. Turns out, 62.5 percent of all respondents said their organization embraces the bring your own device (BYOD) movement. In addition, more than 50 percent of employees access corporate data on mobile devices while traveling on business.
Mobile security education, tools and best practices
Most organizations adopt BYOD to help their nomadic workforce be more productive. The problem is mobile devices, specifically smartphones, seldom have adequate mobile security software. Mobile security risks also extend to the growing use of tablets in the workspace. Mitigating this risk requires a combination of education, security tools and best practices.
Education should begin by helping users understand that the threat is real and present. No platform is safe, and all apps are suspicious. Both iTunes and Google Play have unknowingly distributed malicious apps. Also, jail-breaking a device is the height of mobile recklessness. Unfortunately, many users perceive mobile threats as 'hype' and do not respect the potential damage their device can inflict on the organization. In addition, recent surveys have revealed that 30 to 50 percent of users do not password protect their devices. The Websense 2013 Security Predictions includes a spotlight article on mobile threats. Simply sharing it may help you educate your users.
Security tools must extend beyond mobile device management (MDM) and must address both threats and data loss protection. This 3-Step Plan for Mobile Security details how to apply layered defense strategies to mobile platforms. IT can no longer settle for single solution defenses. Lost and compromised devices threaten the security of intellectual property.
To help you formulate your mobile security strategies, Websense recently recorded an interview with several executives to gauge their thoughts on mobile cyberthreats.
How have you tackled mobile security?