Last month Intel Security released its annual Mobile Threat Report which painted a worrying picture for mobile and wearable tech security. Cyber-attacks, including bank fraud, ransomware and remote access attacks are quickly migrating from the desktop to the mobile world, and are rapidly increasing in number.
In a period of just six months in 2015 MacAfee labs detected 37 million incidents of malware across multiple App stores; by Q4 mobile malware had reached 1.4 million – an increase of 24 percent from Q1, in which it was less than 800,000.
For almost all interactions outside of business, the smartphone has become the dominant identity management portal. From storing personal photos, contact lists and journey planners to accessing bank accounts and interacting on social media platforms, the smartphone is a comprehensive tool for managing almost the entirety of an individual’s digital identity.
This means the smartphone’s physical cost is significantly outweighed by the personal value it holds for its owner. This personal value only increases when considering the volume and importance of the data requested, stored and used by applications that can be downloaded in less than a minute.
With smartphones being chosen in favour of PC’s for identity management activities it’s no surprise that cybercriminals have quickly followed suit in targeting them. IT security professionals will need to stay one step ahead.
Malware attacks are not, however, the only security issue facing smartphones and tablets. As with the direct marketing techniques used to target desktop users based on links clicked on and websites visited, tailored marketing will come to the fore on smartphone and tablet devices. The huge amounts of data broadcast through the apps on these devices have the potential to be used against the user’s wishes, for instance recording user’s journeys and locations and even monitoring behaviour so that companies can tailor their marketing campaigns.
The security situation is only going to be exacerbated for IT security professionals with the increase in wearable technology. Smart glasses, smart watches, fitness trackers and wearable medical tech are just a few of the devices that pose such a risk due to inherent lack of security and interconnectivity to other devices, or platforms, such as the cloud, which these devices often automatically upload data to.
The increase in wearable tech, combined with the role the smartphone now plays in people’s lives is expanding the landscape across which cybersecurity professionals have to operate and the skills they need in order to defend against these new threats.
Adaptation is key, and in the short-term we are likely to see more businesses examining wearable tech and smartphone usage policies and how they are written into employee contracts to protect the business’ privacy and security. In the longer term, as the array of products and concepts blending technology, service and data, such as Industry 4.0, develop in an increasingly complex and interconnected digital economy, a ‘security by design’ approach will be paramount.
Adrian Davis, Managing Director, EMEA (ISC)2