Godfrey Kutumela, Head of Security Division
Internet of things and mobility are new, and thus attract hackers. They know that security is always an afterthought for most people. Any new technology is just like a house without gate and a door: anyone is free to enter. More importantly, both of these trends are set to be long-lasting—any security strategy that does not incorporate them is worthless.
Today’s cyberwar is fought over malware and the ever increasing mobile app world presents a sweet spot for the bad guys. Mobile is where big data meets social business—definitely a party not to be missed by hackers. Security strategies must move to where the hackers are looking, not where they used to look.
Mobile malware attacks are directed at both individual and enterprise users, targeting mainly identities and data, with the aim of infiltrating all aspects of the individual or corporate digital presence. Mobile money is the prime target for malware, through phishing mostly. What makes this situation bleaker than it might be is that Mobile malware targets today’s app-using mobile workforce, who are unaware of the threat and generally trust any app they come across.
Malware attacks on mobile banking increased by a factor of nine as compared with 2013. US mobile malware rates are growing by 75 percent year on year, and 25 percent of all mobile devices encounter a threat each month. Unfortunately, mobile phones are currently ill-equipped to repel malware attacks. They have relatively low processing power, and so cannot cope with conventional anti-virus packages.
By contrast, malware is small in size, and thus executes well on mobile platforms. Most malware exploits the simple on/off access model found in most mobile operating systems. Thus, for example, a particular app might ask for access to a user's photographs in order to operate optimally, but in the process gain access to all the data stored on the phone, not just the photos.
Internet of Things
Any digital asset today must incorporate a plan to defend itself against Internet-based threats because business imperatives may dictate at any time that those assets should be connected. In addition, companies that begin to connect equipment to the Internet will benefit greatly from continuous threat intelligence and security monitoring in order to assess whether internal security strategies are addressing the real risks. This is critical because we are now talking about connecting heavy machinery, vehicles and medical devices, among others, the Internet. It is not just data or money that is at risk, but also human lives and livelihoods.
The influx of new devices, often using outmoded chips or software, is one of the main challenges to integrating Internet of Things security into the bigger ICT security strategy.