As the use of mobile devices within enterprise reaches a fever pitch, the risks associated with malicious applications have never been greater. It seems like every other week, we’re hearing about some new smartphone virus that’s sweeping the web – and as an administrator, it’s your job to defend against those viruses. In order to do so, however, you first need to understand them.
You need to know the mechanisms by which they spread, the reasons they’re created, and the vulnerabilities they exploit. More importantly, you need to know what to look for in an infected device – and how to lock off your data from a malicious application. The knowledge by which you can defend your business can be divided into three broad categories.
Let’s talk about them.
It Comes In Many Different Shades
Some malicious apps are designed to sit by the wayside, quietly siphoning data to an external server. Others are a bit more vicious, and lock down access to a device until a ransom is paid. Still, more are simply created to sow chaos, deleting and damaging data wherever they go. Option two’s the one that’s most common in enterprise at the moment – and the one you’ll most need to defend against.
According to Trend Micro, ransomware is simultaneously the fastest-growing (and least known) threat for mobile devices. Their research found that unique threats grew fifteen times higher in June 2016 than in April 2015. Not only that, it’s growing more complex, evolving to counteract protective measures against it.
No Operating System Is 100% Safe
Whether you’re using Android or iOS, viruses are present on both – though it’s true that the former is targeted more frequently than the latter. No matter what operating system you’re using in your organization, you need to make sure you’re taking the necessary steps to protect your data. If you assume you’re safe simply because your employees use iOS, you’re going to feel like quite the fool when you end up getting breached.
“It is clear that the security community continues to remain on top when it comes to security and privacy,” reads a piece on International Business Times. “However, experts indicate that this is slowly changing – and attacks hitting both platforms are only going to evolve in strength and capability as time goes on.”
Apps Can Be Unintentionally Malicious
Most consumer apps leak data like a sieve, and believe it or not, iOS apps do it more often than Android apps. While the reason for this data leakage might be innocent enough, such as the collection of advertising information or poorly-coded security controls, it can still put your files at risk. You need to defend against these apps as though they are malicious – because with such poor security, they very well might be.
“Mobile apps and online services such as Facebook, Google et al. might not cost anything, but they come at the cost of having our privacy picked over by voracious ad networks,” writes Naked Security’s Lisa Vaas. “In-app advertising is leaking potentially sensitive personal information on millions of mobile phone users, including how much money we make, whether or not we’ve got kids, and what our political leanings are.”
But that’s all personal information, right? Corporate data is safe. Isn’t it?
No, not really. A leaky app that constantly siphons data off to an external server isn’t going to differentiate between corporate and personal data. It’s going to suck up everything – that’s why it’s imperative that you take measures against poorly-secured applications.
So, there you have it. A brief primer on mobile malware – a bit intimidating, isn’t it? The good news is that it isn’t extremely difficult to protect your critical data:
- Containerize your devices, and delineate between ‘work’ and ‘personal’ accounts through a tool like Samsung KNOX or Android for Work.
- Apply app-level encryption/containerization to your critical software.
- Educate your users into the tactics necessary for recognizing phishing scams and social engineering attacks.
- Consider investing in a solution that encrypts or otherwise allows you to retain control of critical files such as contracts and product blueprints.