by Mike Stramaglio, MWA Intelligence
Ever since the day I got my first BlackBerry, I’ve had a smartphone in my hand or attached to my hip. I’ve even been known to wear out keyboards on my BlackBerry because of my insatiable obsession with communication.
Smartphones are a wonderful business tool, especially for mobile workers who now have access to more mission-critical business information on the road than they would have had on a desktop PC a few short years ago. Today, smartphones not only make calls and send and receive email, but they are also an extension of you and your business, containing all of your business intelligence as well as personal information. So with all of the recent stories about cyberattacks hitting smartphones, are you a little nervous? I know I am — especially considering that mobile malware (viruses) is increasing year over year at a rate of 250 percent. Think of all the critical information that passes through your company’s smartphones daily and what it would mean if it got in the hands of criminals — or worse yet, your competitors!
As you look at how smartphones are used today and potential places security threats come from, Web browsers on smartphones stand out as a key security risk. A recent report on emerging cyberthreats in 2012 published by the Georgia Tech Information Security Center (GTISC) and the Georgia Tech Research Institute (GTRI) stated that mobile applications rely increasingly on a Web browser that presents unique challenges to security in terms of usability and scale. The report went on to predict more Web-based attacks against mobile devices this year and indicated that smartphones are now major targets for data theft.
Unfortunately, as mentioned in a recent report published by mobiThinking, these cyberattacks aren’t limited to one specific smartphone or operating system. Last year, malware targeted at Android phones infected more than 250,000 users, and a single hacker stole data from more than 100,000 iPad users. For those of you using Microsoft Windows Mobile or Nokia’s Symbian operating systems, be forewarned that because these are the oldest mobile platforms, they are the most vulnerable to some of the most effective malware on the planet.
In the mobiThinking report, Ruben Rico, mobile product manager, Oberthur Technologies, and chairman, SIMalliance Mobile Internet Security Workgroup, stated, “Just like in the conventional fixed Internet world, attacks come in all shapes and sizes — such as phishing (criminals attempt to trick users into sharing passwords, etc.), spyware (tracks users’ activity, perhaps selling data to advertisers), worms (a program that copies itself onto multiple devices via network connections), trojans (a program that looks genuine but hides malicious intent) and man-in-the-middle attacks (where a criminal intercepts and manipulates messages between two devices or device and computer).”
The report went on to quote Peter Wood, CEO, First Base Technologies, and vice president, Global Institute for Cyber Security & Research, who said that “smartphones have surpassed laptops as the most likely thing to be lost or targeted by thieves or hackers. Many organizations have now secured company laptops with full-disk encryption, so they are less of an easy target for criminals than they once were. Unfortunately the smartphone has now replaced laptops as the soft target. They are small and so easy to lose or be stolen. Plus they are always on, generally not centrally-managed by IT departments and are often poorly protected either with just a PIN code or weak password.”
Needless to say, we all need to be very aware of just how secure smartphones are today and take steps to ensure their security. As stated in the mobiThinking report, some of the precautions you can take to protect your mobile workers’ smartphones include simple steps like keeping your OS and software up to date, making sure that your mobile workers only download apps from reputable sites, using strong passwords, reminding your mobile workers to be cautious when accessing the Internet through public Wi-Fi hotspots, and turning off Bluetooth connections when not in use.
While these are great recommendations, they will only protect against some of the threats heading our way, and the data on your smartphones isn’t the only thing at risk. Smartphones can also be an “on-ramp” for malware targeted at your core infrastructure that can seriously damage your business. Consider how casually smartphones are attached to your corporate network via a wireless network or as a standard USB disk. We have all heard the stories of how USB disks are one of the simplest ways to introduce malware to your network. Think about it. When was the last time you or one of your mobile workers attached a smartphone to a USB port on a laptop or workstation to simply charge the battery? Was it secured, or did malware get uploaded to your corporate network?
The good news is that many high-level technology companies are working diligently to resolve the cyberthreats focused on mobile workforces, and you’ll begin to see these unique and powerful solutions hit the market over the next few months. These solutions will allow your mobile workers to continue to use their smartphones the same as they do today but will ensure that your business-critical information is protected with the same robust technology approved for use in the U.S. military, the National Security Agency and several other government entities.
In the meantime, the best way to protect your business-critical information is to be extremely vigilant in managing how your mobile workers use their smartphones, knowing where and how they connect to your corporate infrastructure, and understanding their use of Web-browser-based applications. While developers of Web-based applications might tell you that they are secure, the choice to build them is really a business one: Web-based solutions are easier and less expensive to develop. Most industry experts agree that Web browsers on smartphones are extremely vulnerable to cyberattack, so instead of using smartphone Web browsers, it is always a better solution to use application-specific utilities developed by trusted companies and downloaded from reputable market sites.