Cutting Through The Weekly Mobile Security Noise: The Rise of Android Threats
The rise of Android-developed malware is creating a serious problem for organizations. Research firm Strategy Analytics found that “81.3 percent of smartphones sold in the third quarter of 2013 were powered by Android” and that number is continuing to soar. The increasing popularity of these devices is attracting cyber criminals who have started to view Android users as their biggest targets. This week we’ve seen a number of interesting statistics that demonstrate the need for a multifaceted security solution, especially when it comes to mobile devices.
Companies are doing a poor job of implementing encryption policies to protect mobile traffic and credentials between users and organizations, an article in Help Net Security noted. Security researchers from AppBugs tested apps on Google Play and found that around 100 popular apps either don’t use HTTPS to protect login credentials or they do it poorly, which exposes users to serious threats known as “Man-in-the-Middle attacks.” Even well-known companies like Match.com, Safeway, Pizza Hut and the NBA have poorly implemented encryption policies or no policy at all.
Android devices account for 97 percent of mobile malware, according to a recent study of more than 2.5 million mobile applications. The report found that “in 2014 almost one million individual malicious apps were released which is almost four times as many as the year before.” The report also noted enterprises are struggling with BYOD, because the applications their employees use are often running on a device they don’t own or control. The firm suggested that enterprises should move away from “trying to manage and secure an entire mobile device via Mobile Device Management (MDM) to one of employing workspaces to secure only portions of the device that access and store corporate data.”
A report released this week found that organizations are struggling to secure mobile and web based applications. The report was based on an analysis of more than 200,000 applications across various industry sectors. It found that most sectors “failed industry-standard security tests of their Web and mobile applications” and that government agencies are the worst offender, fixing less than one-third of detection problems. According to the report, one of the key reasons government security is so poor is because it relies on “outdated programming languages, such as Adobe ColdFusion.” Government organizations aren’t the only one’s facing facing challenges with securing web and mobile applications, however. These issues occur across many industries and are continuing to increase.