Social networking and the explosive growth of mobile computing have created a new layer of risk for companies embracing web technology to boost the bottom line, data security experts said Tuesday.
Nick Galletto, a partner at Deloitte Security and Privacy Services in Toronto, said threats from malicious software are multiplying with the proliferation of mobile computing devices, including the iPhone and BlackBerry.
He said smartphones and tablet PCs are increasingly linked to corporate networks through unsecure connections. And users are often unaware of the need to provide password and encryption protection on phones that may store corporate as well as personal data.
The result is that deliberate breaches, along with careless behavior, are a mounting threat to business operations and individual privacy, he told a Toronto seminar on securing the mobile workforce.
Smartphones are embraced by government and individuals to conduct commerce and share information. But he said corporations, anxious to drive efficiencies and cost-savings from digital technology, “are the main source of data leakage.”
As such, Galletto said smartphones are a conduit for the spread of computer viruses and other malicious code between the mobile gadget and enterprise networks. He said the problem is made more acute by the blurring of the line between business and personal use of mobile digital technology.
“If you bring a smartphone with corporate data home, don’t be surprised if your tech savvy teenager can jailbreak the code,” he said.
And there are also new dangers from social networking sites that encourage users to link to web addresses that may not be secure, he said.
As well, there are the threats posed by the more than 250,000 applications available for mobile download from online stores operated by Apple Inc., Research In Motion Ltd. and others, said Daniel Hoffman, chief mobile security “evangelist” at data security firm Juniper Networks and a speaker at the seminar. He said a smartphone virus in Russia “stole money” by sending unauthorized texts to gain control over a bank account.
Hoffman also said that Google pulled dozens of unauthorized mobile-banking apps from its Android Market, adding that applications not vetted by store employees can secretly infect mobile gadgets with worms, Trojans, spyware, key loggers and other bugs that can disable a device, or even record users’ phone conversations.
And while Apple says it vets applications before they appear in its App Store, it has pulled hundreds of apps it said violated policies dealing with security and privacy.
As well, recent research from computer training firm SANS found that 85 per cent of users were not scanning their mobile devices for malicious programs running on the devices. Of the 15 per cent who were, 18 per cent found mobile malware, higher than the overall infection rate for PCs in North America.
Hoffman said mobile device users need to begin treating the technology like mobile desktop computers; installing anti-virus protection, securing passwords and enabling encryption. But he added that there is nor substitute for common sense.
“I think the biggest threat to the enterprise is not from external sources, but from users with a false sense of security.”
Nick Galletto, a partner at Deloitte Security and Privacy Services in Toronto, said threats from malicious software are multiplying with the proliferation of mobile computing devices, including the iPhone and BlackBerry.
He said smartphones and tablet PCs are increasingly linked to corporate networks through unsecure connections. And users are often unaware of the need to provide password and encryption protection on phones that may store corporate as well as personal data.
The result is that deliberate breaches, along with careless behavior, are a mounting threat to business operations and individual privacy, he told a Toronto seminar on securing the mobile workforce.
Smartphones are embraced by government and individuals to conduct commerce and share information. But he said corporations, anxious to drive efficiencies and cost-savings from digital technology, “are the main source of data leakage.”
As such, Galletto said smartphones are a conduit for the spread of computer viruses and other malicious code between the mobile gadget and enterprise networks. He said the problem is made more acute by the blurring of the line between business and personal use of mobile digital technology.
“If you bring a smartphone with corporate data home, don’t be surprised if your tech savvy teenager can jailbreak the code,” he said.
And there are also new dangers from social networking sites that encourage users to link to web addresses that may not be secure, he said.
As well, there are the threats posed by the more than 250,000 applications available for mobile download from online stores operated by Apple Inc., Research In Motion Ltd. and others, said Daniel Hoffman, chief mobile security “evangelist” at data security firm Juniper Networks and a speaker at the seminar. He said a smartphone virus in Russia “stole money” by sending unauthorized texts to gain control over a bank account.
Hoffman also said that Google pulled dozens of unauthorized mobile-banking apps from its Android Market, adding that applications not vetted by store employees can secretly infect mobile gadgets with worms, Trojans, spyware, key loggers and other bugs that can disable a device, or even record users’ phone conversations.
And while Apple says it vets applications before they appear in its App Store, it has pulled hundreds of apps it said violated policies dealing with security and privacy.
As well, recent research from computer training firm SANS found that 85 per cent of users were not scanning their mobile devices for malicious programs running on the devices. Of the 15 per cent who were, 18 per cent found mobile malware, higher than the overall infection rate for PCs in North America.
Hoffman said mobile device users need to begin treating the technology like mobile desktop computers; installing anti-virus protection, securing passwords and enabling encryption. But he added that there is nor substitute for common sense.
“I think the biggest threat to the enterprise is not from external sources, but from users with a false sense of security.”
No comments:
Post a Comment