Studies Show Enterprises Unprepared for Mobile Malware, IoT Threats
The risk of mobile malware is rising as Internet of Things (IoT) apps and bring-your-own-device (BYOD) policies take hold in global enterprises, presenting a fresh batch of security concerns for IT professionals.
Dark Reading reports that the growing BYOD movement, combined with nascent IoT implementations, is exacerbating cybersecurity threats. Now, enterprises face the daunting task of preventing mobile malware intrusions on devices employees use to access company networks. In addition, they’re facing the new challenge of securing IoT apps and hardware that may lack enterprise-grade protection.
IoT and Mobile Risks
Two recent studies drive this point home. The Ponemon Institute’s 2017 Study on Mobile and IoT Application Security surveyed 593 IT professionals involved in mobile and IoT application security, and its findings were sobering. While organizations are having a harder time securing IoT apps than mobile apps, many companies aren’t mobilizing against this threat.
In fact, 44 percent of respondents say they are “taking no steps” to prevent an IoT attack, and 11 percent are unsure if their organization is doing anything to stop one, the study found.
Other eye-opening takeaways include:
- Nearly 80 percent of respondents say the use of mobile apps significantly heightens security risks in the enterprise. Similarly, 75 percent say IoT apps increase risk.
- Which mobile apps are in use? A lot of companies don’t know. In fact, 63 percent of respondents are either “not confident” (30 percent) or “have no confidence” (33 percent) that their organizations know all the mobile apps used by employees.
- End-user convenience tops protection. App security often doesn’t get the attention it deserves because of pressure to provide easy-to-use mobile and IoT apps.
- Rush to release is the main reason why mobile and IoT apps contain vulnerable code.
Mobile Malware: A Growing Threat
The second study is from security vendor Trend Micro, which reports blocking 65 million mobile threats in 2016. In a recent blog post, the company reported that while BYOD policies continue to trouble organizations, it hasn’t seen malware targeted specifically at enterprises.
In the U.S. last year, malware that furtively collects and leaks information, including sending and receiving text messages, was widespread. Globally, exploits and rooting malware were most common, the company found.
Mobile ransomware was very popular among cyberattackers last year. These attacks shared the common tactic of “abuse, bait, intimidate, extort,” reports Trend Micro. For example, most ransomware incidents involved screen-lockers that exploited Android OS’s features, employing “social lures” like popular games, pornography and fake system updates. Users were also tricked into granting administrator privileges to the malware, which could then change the device’s lock-screen password and prevent itself from being uninstalled.
What does it all mean? Organizations need to step up their game to stop mobile and IoT threats.
Mandeep Khera, chief marketing officer at Arxan, told Dark Reading that enterprises appear to be waiting for a very large, highly visible attack — or perhaps government regulation — before bolstering their mobile protection.
“This is a huge mistake,” said Khera. “One hack could set an organization back dramatically in terms of financial losses, brand damage, recovery costs and even drop in stock price.”