Mobile malware has emerged as a real and significant problem. Addressing it is no longer optional. As with other IT security risks, technology isn’t a silver bullet, but it is a key component of a holistic solution that also incorporates people and process.
A mobile virus is malicious software that targets mobile phones or wireless-enabled PDAs,thereby may causing the collapse of system and loss or leak of confidential information.The insidious objectives of mobile malware range from spying to keylogging, from text messaging to phishing, from unwanted marketing to outright fraud.
Fifty-nine percent of IT and security professionals surveyed by the Ponemon Institute recently said mobile devices are increasing the prevalence of malware infections within their organizations. This is no shock: the extraordinary growth of mobile platforms has madethem an irresistible target. The only surprise would have been if these devices had escaped attack.
Years ago, PC malware exploded when Windows achieved dominance. Something similar
is occurring with mobile. As the mobile marketplace has grown and evolved, the Android platform has become dominant. Worldwide, 70% of new smartphones now run Android, with iOS running a distant second. (Microsoft’s Windows Phone 8 platform offers promise, but hasn’t yet achieved significant market penetration.)
The Android platform’s openness has made it attractive to users, device manufacturers,carriers, app developers and to malware creators. That’s where they’re focused..
In BYOD arrangements, mobile devices are often owned by users, who act as defacto administrators. Users typically decide which apps to run, and where to get them.Wider smartphone and tablet usage is often correlated with a loss of organizational control.And that, in turn, can compromise security in multiple ways. This is why some organizations are pursuing choose your own device (CYOD) approaches, where users get to pick their devices from a list the company is prepared to support, will continue to own, and plans to centrally administer. Of course, CYOD isn’t always an option, and many organizations have chosen to accept the tradeoffs associated with full BYOD.
Mobile malware risks
Organizations evaluating mobile malware risks should assess each of the ways it can damage them, including the following.
Productivity losses: Some forms of malware inconvenience users through aggressive advertising, prevent mobile devices from working properly, and increase support costs.
Direct costs: Some forms of malware and potentially unwanted applications (PUAs) have direct costs by utilizing paid mobile services such as SMS, with or without the user’s awareness or understanding.
Security, privacy, and compliance risks: Mobile malware can compromise corporate and customer data, systems, and assets that must be protected—placing the organization at competitive, reputational and legal risk.
Some mobile malware and PUAs merely annoy and frustrate. Yet as a whole, mobile malware and PUAs represent a significant and growing problem.