While it's true that the design of some aspects of mobile operating systems affords better built-in security against certain types of malware, it is a mistake to assume that mobile devices are impervious to threats.
In fact, the current state of mobile malware is reminiscent of the early days of computer security as a whole. In those early days, many believed that simply practicing "safe surfing" would be a sufficient countermeasure.
Unfortunately, that mentality left many unprepared when malware evolved from relatively benign to truly malicious. As a result, when threats such as ILoveYou, Nimda and Storm were released to the digital world, they spread like unchecked wildfire.
The evolution has continued and today such sophisticated malware as Stuxnet, Flamer and Duqu, and such prevalent threats as drive-by downloads, fake antivirus software and ransomware all prey on victims with great skill.
As such, the time is now to take a lesson from history. Similar to those early days of modern computer security, the evolution of mobile malware is accompanied by a steady increase in the number of these threats that shows no signs of stopping.
In fact, in September the number of individual mobile malware samples observed by Symantec rose to 127,239, an increase of 39% from just the previous month. Even more startling is that since July 2011 the number of mobile malware samples seen by Symantec has increased by an average of 55% every month.
These numbers indicate that cybercriminals are focusing on mobile because they see opportunity there. The fact of the matter is that the vast majority of cybercriminals aren't in the business for the fun of it. They are in the business because they make money by doing it.
As more enterprises and individuals come to rely on their mobile devices for everything, both at work and personally, the focus on exploiting mobile devices will only continue to grow. In fact, Symantec predicts that 2013 will be a watershed year for mobile malware. Enterprises must be prepared.
To aid in this effort, here are a few best practices both enterprises and users should follow to avoid mobile malware:
- Especially in the age of BYOD, enterprises should implement mobile device management (MDM) and mobile application management (MAM) to ensure the devices connecting to company networks and the data being accessed remain protected at all times.
- Users should only use app marketplaces hosted by well-known, legitimate vendors for downloading and installing apps.
- Users should also review other users' comments on apps to assist in determining if an app is safe before downloading.
- Users should pay attention to the names of app creators. When downloading a popular app from a well-known app creator, an app that purports to be the legitimate version but has a different author listed should be a definite red flag.
- During the installation of apps, users should always check the access permissions being requested for installation; if they seem excessive for what the application is designed to do, it would be wise not to install the application.
- As always, opening texts and email and browsing social networking sites on mobile devices need to be conducted with discernment. Users shouldn't open unidentified links, chat with unknown people or visit unfamiliar sites. It doesn't take much for a user to be tricked into compromising a device and the information on it.
- Users should avoid jailbreaking or rooting devices. Tampering with operating systems often makes devices more susceptible to mobile threats. Enterprises should not allow such devices access to their networks and resources.
- Utilize a mobile security solution on devices to ensure any downloaded apps are not malicious.
The benefits that mobile technology provides can't be overstated. However, it's important to remember that cybercriminals go where the people are, and clearly, people are going mobile. Take a few simple steps to protect mobile devices and secure the increasingly sensitive information they hold.