Challenge: The next battlefront in the data security war is mobile, as mobile malware incidents continue to rise. Collaboration is key to success.
Why It's Important: Mobile malware is on the rise, exploding in magnitude in the past six months. In the past year, the number of variants of mobile malware has exploded from several hundred to hundreds of thousands, if not millions. It comes in many forms, such as SMS grabbers that reroute multifactor identification, and it undermines security measures by even the most fortified institutions.
We're all infected with malware; it would be unwise to deny this simple truth. The point of infection has evolved beyond simply clicking a suspicious link. Today simply viewing a webpage, even a trusted bank's home page, is enough to get a footprint on your device. Call it "drive-by malware," if you will. Mobile browsers and applications are no exception.
McAfee has recorded 50,926 mobile malware threats, with 28% of that total arriving in Q1 2013 alone. In all of 2011, McAfee recorded only 792 threats.
Where The Industry Is Now: A mistake any company can make is to put the burden of protection onto the end user, such as asking them to update their browser, or not click on suspicious e-mail links. Malware must be stopped at the enterprise level, and the movement to collaborate on effective solutions is underway.
According to Jens Hinrichsen, VP of marketing and business development at Versafe, a provider of fraud detection solutions, the amount of malware is spiking, but the industry is seeing just the first wave of much more sophisticated malware. "I expect we'll see another wave in 6 to 9 months," Jens says. He adds the malware is similar to what we see on PC and laptops. "It's very surgical at times; they might modify mobile malware to go after a very specific exploit."
[For learn more about all of the topics that will shape the business technology landscape next year, download the November Digital Issue: Capital Markets Industry Outlook 2014.]
Focus In 2014: Corporations have had time to prepare for the increase in attacks, but that hardly makes it manageable. "So much is infected," says Hinrichsen, "that firms are asking, ‘How do we protect the data? How do we separate different parts of the mobile device?' Everyone knows they have to do something, even if it's in preparation."
In response, in 2014 we can expect to see an increased focus on mobile application management and mobile device management, or the ability to delete anything off of a device without interruption to the user. We'll also see corporations making significant investments to fortify their websites.
Industry Leaders: IBM's Trusteer is a global leader in endpoint cybercrime prevention. On many levels, it's architecting security options and helping organizations with policy. Bromium is another provider that uses a technology called microvirtualization to address enterprise security at the endpoint. F5, which acquired Versafe, has a blended strategy to protect Web applications.
Technology: Android, which is a largely flexible platform, is most prone to mobile malware, but other platforms are hardly far behind.
Developers must remember that for attackers, this is their livelihood and they will always follow the money. As the industry cracked down on other types of fraud it will continue to squeeze attackers into the online and mobile world. Specialized and sophisticated malware will continue to pop up as each portal is blocked.
Prediction: There is a big push to collaborate and share threat information. People don't know what they want, and there are different ways to fight the same kind of things. Organizations with enough clout will step up and dictate the needs of industry, encouraging each other to team up and create a best-of-breed solution as part of this ongoing dance with attackers. As the industry has discovered with other forms of security, it becomes more sophisticated when working together, and now that there's an influx of mobile threats it must pool resources for protection.