By ROMMY IMAH (with Agency reports)
A mobile security expert has warned that the best way to protect business information on smartphones from cybercriminals is to leave that information off smartphones.
Andrew Hoog, chief investigative officer at security vendor viaForensics, said at a cybersecurity summit in Washington, D.C., hosted by the Computing Technology Industry Association (CompTIA), that as mobile security is still evolving and smartphones are vulnerable to hackers and to social engineering schemes, cybercriminals are starting to target smartphones.
Hoog said because mobile devices combine personal information and corporate information, “It becomes a much richer target.”
According to a report posted at computerworld.com, Hoog was quoted as saying that viaForensics recently completed a review of 100 popular mobile applications. Eighty-three percent of those apps either warranted a security warning from the company or failed the company’s basic security tests, meaning they stored sensitive data insecurely, he said. The company gave warnings to apps that store app data in an unencrypted form.
The research further showed that ten percent of the apps tested stored passwords in plain text, and 25% of the financial apps failed the company’s tests, Hoog said.
“It is possible to build secure mobile apps,” he said. “But when we're just scratching the surface, just looking for the most basic information, at this point in time, we're recovering enormous amounts of data on these devices.”
Part of the problem for corporate IT departments is that employees are bringing in a wide variety of mobile devices to use in business settings, added Brian Contos, director of global security and risk management at McAfee.
“Fundamentally, the problem with mobility is that the technocracy is over,” Contos said. “It used to be that ... the IT people would say, ‘This is what we’re going to run, this is how we’re going to run it, these are the applications you’re going to use.’”
Contos told the audience that he was at an organization in Bogota, Colombia, recently. “They had all their auditors, all their IT folks, standing up there and telling their CIO why they shouldn't allow mobile devices on their network,” he said. “They had charts, graphs, tables. After about an hour, they made their point, and the CIO stood up and simply said, ‘But I love my iPad.’”
In addition, mobile app and OS developers want to make their products easy to use, said Allan Friedman, a research director at the Centre for Technology Innovation at the Brookings Institution. Criminals using spyware and other schemes count on split-second decisions by smartphone users, he said.
“The challenge for security is, to have someone make a good decision, you need to force cognition,” he said. “You need to actually make them think. This is the opposite of usability.”
Some mobile security vendors have tools that can make mobile devices much more secure than they are out of the box. Mobile security is a race between security vendors and cybercriminals. “If we get to them first, we win the race,” he said.