We live in a world dominated by smartphones and tablets, and by the applications that run on these mobile devices. These applications help us with everything, including expenses, mobile banking, the weather and access to our corporate and personal email. The rise of the mobile app is seemingly unstoppable as we enjoy the benefits it brings in terms of mobility, ease of use, and flexibility.
Mobile is no longer a niche or isolated part of an organization’s digital footprint. New devices and applications are the status quo, but organizations must be aware of the digital risks associated with them.
According to a recent KPCB report, mobile digital media is now outpacing desktop usage. The report stated that adults with access to digital media use mobile 51% of the time, compared to 42% for desktop usage and 7% for all other devices.
So how secure are mobile apps? And are we risking the health of our personal data, phones and even the intellectual property and reputation of the companies we work for by using insecure and compromised apps without even realizing it?
Well, yes, it seems we are.
Just this month, the UK’s National Crime Agency reported that while ‘there have been no reported cases of a mobile malware infection being used to pivot into a corporate enterprise network. It is more likely that mobile attacks will form part of the attack chain to target consumers and organisations, for example being used as a reconnaissance tool to gain access to various user login credentials’.
The Agency suggested there were three main concerns for consumers and businesses alike: malicious apps, fake apps, and SMS phishing, or SMishing, all of which are methods most commonly employed in the mobile apps space.
Last year, the U.S. Federal Trade Commission warned that ‘as more consumers are shopping with mobile apps, fraudsters are following the money’. Fake phone apps are popping up that impersonate well-known retailers to steal your personal information. Their names resemble well-known brands, and their descriptions promise enticing deals or features.
So, while usage of smart devices and apps grows, so too does the spread of malware and other cybersecurity risks via those very same mobile apps. It’s purely a case of economics as the adversaries look to exploit the technology we use most often, in this case mobile platforms.
People will claim some apps are safer than others, and while undoubtedly Android apps are the most impacted, it’s important to realise infected, spoofed and compromised apps are not simply the domain of that platform, and that Windows and Apple apps are also affected.
For example, just before Christmas Apple removed hundreds of fake apps – from the official App Store no less – as most of the apps were impersonating famous retailers or brands like Jimmy Choo and Christian Dior.
Clearly, we need to do a better job of monitoring and managing mobile apps and identifying malicious and unsanctioned applications in official and third-party application stores. It is critical to be able to check for impersonating or spoofed mobile applications that could damage an organization’s brands or compromise sensitive information. Monitoring the Internet and our own networks to identify digital risks to organizations is not enough. We need to look beyond that boundary to find cyber threats, data leakage, and reputational risks hidden in mobile apps as well.
We need to look at the whole digital footprint we have – not just the corporate networks we usually log on to.
Today the boundary of the network is always expanding and it often sits in our pockets and bags in the shape of the smart devices we carry – and we need to ensure they are protected and monitored in the same way as our ‘normal’ home network is protected and monitored.