Navigating the Mobile Workspace; The Threat of Mobile Cybercrime – the List from the Labs

The widespread adoption of mobile devices, proliferation of applications and growth of cloud computing have the potential to accelerate business innovation. However, today’s always-on world brings with it a new and ever-changing set of security challenges. Verizon’s ICSA Labs division identified some key mobile cybercrime trends for enterprises to be aware of and guard against in 2012 – it’s worth revisiting as we enter 2013, as unfortunately, many enterprises will still not have taken action! Here’s the List from the Labs:

• Mobile malware is on the rise: The use of mobile malware targeting mobile devices is continuing to increase, and enterprises are wrestling with how to protect users. Obvious targets are smartphones and tablets, with the hardest hit often Android-based devices, given that operating system’s large market share and open innovation platform. All mobile platforms are experiencing an increase in mobile attacks.
• Criminals target and infect app stores: Infected applications, rather than browser-based downloads, are increasingly the main sources of attack. Because they are not policed well, unauthorized application stores are becoming a predominant source of mobile malware. Cybercriminals post their infected applications here to attempt to lure trusting users into downloading rogue applications. Cybercriminals are also finding ways to get their applications posted into authorized application stores. And infections can easily spread beyond the smartphone and into a corporate network, upping the ante on risk.
• Application scoring systems are being developed and implemented: To reassure users, forward-thinking organizations are having their application source code reviewed by third parties. Similarly, organizations want to be sure that the applications approved for use on workers’ devices meet a certain standard. Although it hasn’t happened yet, it is anticipated that the industry will develop a scoring system that helps ensure that users only download appropriate, corporate-sanctioned applications to business devices.
• Hyper-connectivity is leading to growing identity and privacy challenges: In today’s business environment, more users need to legitimately access more data from more places. This requires the protection of data at every access point by using stronger credentials, deploying more secure, partner-accessible systems, and improving log management and analysis. Compounding the issue are a new age of cross-platform malicious code, aimed at sabotage, and mounting concerns about privacy. Enterprises are increasingly no longer able to ignore this problem, and will have to make some hard choices.
• Social-engineering threats resurface: More targeted spear-phishing — an e-mail-fraud attempt that targets a specific organization, seeking unauthorized access to confidential data – has been a major social-engineering threat of 2012. Efforts to educate user communities about safe computing practices are continuing to be a challenge as the user base of smart devices increases dramatically. Social networking sites will continue to implement protection for users from malware, spam and phishing, but sophisticated threats are continuing to seduce users to visit a rogue Website or reveal personally identifiable information online.

Has your business taken this advice into consideration? If not, you could well be at risk from cybercriminals. Taking action now could well prevent major issues in the future.