The Growing Threat of Mobile Malware
The world’s projected population by 2020 is 7.8 billion people. By 2020, the expectation is that the population will have 11.6 billion mobile-connected devices, more than 1 device per person. As a result, mobile malware is becoming an increasing threat as cybercriminals seize the opportunity to access personal information for monetary gain and damage to both personal and business reputation.
The proliferation of mobile devices has meant that mobile security risks are growing by the day, and businesses are recognising the increased threats they present to sensitive information as more and more companies allow employees to access business applications from mobile devices.
When it comes to mobile, it often forms part of our identity, and in the wrong hands, can provide access to everything from social media, to banking, work and personal accounts. If someone were to gain control of our device, it could have huge ramifications.
Smartphone malware infections increased by 96% over the year to April 2016; smartphones account for 78% of all mobile infections; according to the latest Nokia Threat Intelligence Report for the first half of 2016, with new varieties including HummingBad and YiSpecter.
The lack of security and awareness of mobile risks means many businesses are still not adequately prepared to protect corporate networks and data from mobile hackers. However, mobile malware and vulnerabilities are not too dissimilar to the everyday corporate network threats, and since identity management is crucial to most information security strategies, there is no reason it shouldn’t stretch across mobile devices too.
With increased risks of users accessing services outside the corporate network perimeter, as well as users carrying many more devices to access these services, passwords alone cannot be trusted to properly and securely identify users. Businesses should use an SSO solution that embraces mobile — this will prevent the caching and saving of passwords on the device. If a device is then compromised, there are no passwords to steal.
Mobile SSO Solution Is Part of Your Identity
Single Sign-On (SSO) provides the ability to log into an app using a single or federated identity. For consumers this identity can be their social media identity, such as Facebook or Google, while an enterprise identity is typically the user’s Active Directory ID.
Without SSO, users need to remember complex passwords for each app, or worse, they use common or easily remembered, weak passwords. Either way, this results in a frustratingly fragmented workflow, signing in separately to dozens of different apps during the workday.
A suitable solution should enable you to improve end-user satisfaction and streamline workflows by providing a single identity to access all business apps. It should also unify and deliver access to apps from all end-user platforms—desktops, laptops and mobile devices.
Deploying an EMM solution that allows flexible policy, and contains and manages enterprise apps and data can also protect enterprise data and remove from the device if necessary, without having to “wipe” personal data from the device.
On top of this, businesses should follow basic security practices such as accepting the latest OS upgrades and security patches and never connecting to unknown WiFi networks unless they are familiar with the network as this is a very common way to steal data and credentials.
If businesses want to avoid the threat of mobile malware, they need to accept that this requires investment in the technology and processes to monitor and manage the devices, and the users. Enforcing password control through SSO, and controlling users access through mobile identity management can help prevent a malware attack and inhibit unwarranted access to intellectual property and sensitive information.
Learn how to take control of mobile in your workplace here.