FEATURE: MOBILE MALWARE
Challenges in combating mobile malware

Despite users’ best intentions, Brand points out that occasionally mobile devices will have malware applications side-loaded on to them before they are sold, meaning they are in a rooted state on purchase. “It is possible to perform certain device-level checks to determine if a device is rooted,” Brand says.

“While a rooted status is not necessarily an indication that a device has been compromised, it does mean that it would be a lot easier for malware to live there without being detected. Knowing the root status of a device informs the user that their data might be at risk and prompts organisations to take precautionary measures.”

Protecting different operating systems is also a challenge for CIOs; Apple iOS does not allow for antivirus solutions and older EOL Apple iPhones and iPads can no longer receive security updates and should never be used on the corporate network.

Morton sees protecting against mobile malware as a four-fold challenge for CIOs:

Physical threat: This is the possibility of physical loss or theft of a mobile device, or of hackers gaining access to the device and installing malicious software.

Network-based threats: When employees use their mobile devices to connect to the corporate Wi-Fi, they have access to a range of resources. This exposes the network to a range of threats, and employees are also able to copy information from the network onto their devices, which may not be adequately protected.

System-based threats: Manufacturers can sometimes introduce vulnerabilities unintentionally that can compromise devices.

Application-based threats: Malicious applications (malware) can perform operations on the device like compromising or stealing information.

MOBILE DEVICE MALWARE IS APPEALING TO CYBERCRIMINALS BECAUSE THE ATTACK DOES NOT REQUIRE YOU TO PENETRATE AN ORGANISATION’S PERIMETER OR CLOUD RESOURCES DIRECTLY.

Mitigating the risks

It’s not all doom and gloom, and industry experts advise that CIOs who want to reap the many benefits that come from using mobile devices in the workplace need to adopt a multi-layer approach to security, relying on behavioural change as well as technologies. Alderton suggests updating apps and operating systems on a regular basis; only downloading apps from trusted sources; paying attention to privacy settings on social media apps and sites; setting an automatic lock on mobile devices; and not accessing key accounts or financial services when connected to an unsecure public Wi-Fi.

Badenhorst suggests that a security approach to BYOD should consider the following key aspects:

Effectively protecting all points and mobile devices connected to the corporate network: It’s important for a comprehensive security solution to ensure security across the entire network and not just focus on mobile devices. Failure to do this could cause compatibility problems to arise and cause extra work for the CIO and IT security team.

Managing of mobile devices: It is worth employing appropriately qualified IT security specialists on the team who can provide centralised management of all mobile devices. These skilled employees can ensure all mobile applications are installed, removed and updated via corporate portals.

Dealing with lost or stolen devices: Businesses must develop robust scenarios for how to remove personal devices from the corporate network if they are lost or stolen, or if an employee leaves the company. A procedure should be developed to remove confidential data from these devices and block access to the corporate network.

Education of employees: Staff should be aware of the realities of cybercriminal activity and the need for device security. This can be achieved through an IT security education programme.
www.intelligentcio.com