The advent of mobility and consumer convenience cannot be denied. Historic days of talking about a network perimeter are seriously antiquated and no longer applicable to an increasingly networked world utilizing multiple operating systems, devices, and mobile solutions.
Risk, a function of the likelihood of a given threat and the ability for it to exercise damage or losses related to assets, has never been higher for the mobile market. Take, for example, an executive on the go who requires a BlackBerry for corporate calls, Web surfing, e-mail access, and even the ability to view e-mail attachments. If his device is attacked, his ever important black book of contacts may be compromised or used in targeted attacks against individuals known to him.
Corporate e-mails may be leaked and company data used by competitors or hackers looking to sell that data for a price. Ongoing monitoring of a compromised device could also lead to additional problems and data loss. For a busy executive on the go, security for the mobile device has now become mission critical for daily security operations. Any of the preceding security breaches could result in significant drops in consumer confidence and public stock values, significant lawsuits over identity theft or data loss, or competitors gaining the edge by leveraging stolen data from the executive.
Consumer security also matters to large enterprise networks. Financial institutions are working hard to gain the trust of consumers to perform mobile banking and similar services through their mobile solutions.
System administrators and forensic experts now face the need to be trained in, and properly implement, maintain, and respond to mobile security products within an enterprise environment. Several notable cases have already emerged where executives and others have been investigated for illegal actions performed through mobile devices.
Forensic analysts need to know how to properly maintain chain of custody in order to investigate and analyze mobile device content. With a surge of new devices and solutions on the market, this is no easy task. Many administrators are generally familiar with malicious code but are unaware of the details regarding MM. Understanding the history of MM to date, and the general capabilities of each primary family, is an essential element in preparing system administrators in their management of security for such products, in addition to assisting forensic analysts.
The advent of Cabir source code spread by a group called 29A significantly changed the landscape of MM development as we know it today. A while ago Symbian was the most widely targeted operating system by MM in the wild.
Developments and attention paid to newer operating systems, such as the iPhone, are now on the front burner for many in whitehat, grayhat, and blackhat communities.
Traditional attacks like phishing, and newer twists like vishing, also impact mobile security. Mobile media adoption is huge when it comes to “texting” with others, not to mention brief phone calls and e-mails to friends and family. Devices and the communication systems they involve are becoming highly trusted, and are a lifeline of communication for many users globally.
Criminals seeking to financially defraud such users will certainly leverage social engineering to exploit consumers and their core elements of trust in the mobile market for maximum financial gain.
Mitigation of MM crosses many layers. It’s not just the hardening of a device and software, and the use of mobile antivirus software. A thorough understanding of best practices is essential for this emergent market.
{ 0 comments... read them below or add one }
Post a Comment