Mobile malware attacks were in the news again, highlighting the growing threat to mobile security for enterprises and end users. Last month culminated in the discovery of BadNews, mobile malware that Android users inadvertently downloaded up to nine million times from the Google Play store. BadNews was designed to generate fake news alerts in order to encourage users to download other infected apps, illicitly sign up phones for premium SMS services, and acquire a user’s phone number and unique device I.D.
Malware threats are set to become more common, and more sophisticated, as the functions and usage of smartphones increase. According to new data from ABI Research, unique mobile malware threats grew by 261% in just two quarters.
The worrying indication is that, so far, businesses and users have been slow to implement the mobile security products and—in the case of enterprises—the coherent and comprehensive strategies needed to combat such threats.
A study from Juniper Research released last September found that only 5% of smartphones and tablet devices globally have security software installed, despite a steadily increasing threat from malware, fraud and device theft. The report suggests that malware attacks, identity theft and device loss will drive demand for mobile security products in the next five years, resulting in one in five mobile devices being protected by third-party security products.
But given the sheer scale and diversity of the mobile security threat, enterprises will need more far-reaching strategies and policies. Indeed, enterprises face an unprecedented threat to their security as uptake of devices such as smartphones and tablets skyrockets. Gartner says a record 207.7 million smartphones were sold to end users worldwide in the fourth quarter of last year.
The reality is that enterprises can do little to prevent employees from bringing their own smartphones and apps into work or using company-owned devices for leisure purposes. Nor can they fight the tide of information decentralisation, which takes data far beyond the control of company servers and databases.
But they can put in place the business processes, technology and products to take mobile security to a new level. A structured and coherent approach to mobile security management will enable enterprises both to better protect their data and benefit from the productivity gains that mobility provides.
Enterprises need to be clear about which mobile assets they want to protect, why and where, as well as which employees and customers need to be drawn into their security architecture. In addition, mobile enterprise security management and mobile security testing will become increasingly integral to companies’ strategies, as well as continual evalution and evolution of architectures over time.
No enterprise can afford to wait for the worst to happen. Take your mobile security to the next level and turn potential Bad News into good news. And on that note we just published a Mobile Security point of view, which you can download here…