There’s a wave of malware headed towards organizations that cybersecurity pros may not be ready for. We’re talking about mobile-based threats, which so far have been fewer than those aimed at desktop/laptop computers. But there’s every indication that malware creators are — like the rest of us — getting on the smartphone/tablet bandwagon.
Last week, for example, Hewlett-Packard issued the latest threat report that included a warning, declaring that in 2014 mobile malware “stopped being considered just a novelty.”
An extensive feature published today by SC Magazine looks into mobile threats and finds neither the security industry nor organizations are well prepared.
One big problem is the number Android phones being sold with less than up-to-date operating systems. I made a quick check this morning and found one small Canadian carrier still selling a handset running Android 2.3.5. Small wonder the article quotes one expert complaining that some phones on the market “are being sold with operating systems that are analogous to Windows 98.” Brand new devices are sold with old, less secure versions of the operating system and neither manufacturers, nor carriers have any interest in providing more secure versions of the OS, he said, which is a critical problem.
To some degree, protecting the enterprise from mobile threats involves the same approaches as any other online menace including: educate employees, segmenting and classifying data and not allowing any devices on the network that don’t have minimum protection. But it also involves ensuring mobile devices can separate corporate data from personal.
HP says we are seeing exponential growth in the number of discovered malicious apps, with the majority of them targeting the Android platform. “The actual reported numbers vary from company to company,” it says, “but the general consensus inside the anti-malware industry is that there are over one million unique malicious apps known today, with several thousand more discovered on a daily basis.”
Is your organization prepared?