Zimperium Blog

Cutting through the Weekly Security Noise: Social, Payments and Apps Pose Big Enterprise Security Challenges in 2015

It’s a popular time of year for data about 2014 and prognostications for 2015. This week saw a number of stories citing data and trend information on how enterprises face a big challenge over the next calendar year. Here were some of the stories we tracked:

• Mobile Payment Adoption Slowed by Security Concerns?—Michael Cheng of Payment Week covered a recent survey that showed that only one percent of consumers think that mobile payments are secure for in-store shopping. One percent. If that stays true, it will be a long, slow adoption cycle for mobile payments. Another way to look at this data? If consumers don’t feel comfortable having their personal information stored on their device, should enterprises feel good about employees’ BYOD devices housing corporate data or access to databases? Food for thought.

• Forget North Korea, it’s the Enemy Within—Andy Patrizio of Network World has the story on a survey where IT pros name employees as their single biggest security liability in 2015. So while the eyes of the world turn toward North Korea’s hack of Sony, most IT professionals will tell you that social engineering and managing BYOD are the biggest security liabilities they face today. It’s no secret that allowing personal devices to access corporate email, cloud applications and other enterprise systems is fraught with risk. It’s not just that the devices are insecure: smartphones and tablets regularly connect to insecure Wi-Fi, access vulnerable social networks and are subject to the same socially engineered attacks that have succeeded in the enterprise for decades.


• Popular Apps = Popular Hacks—Fred Donovan of Fierce MobileIT covers vendor research showing that a combined 92 percent of the 200 most popular Android and iOS apps have been hacked. These are the same apps that are riding alongside email and corporate apps on all of the BYOD devices connecting to corporate networks around the globe. We wonder if any of them are consumer payment apps?

• A Year in Review—Will Kelly of TechRepublic has a fun look at hits and misses in the world of mobility from 2014. One big miss? The fact that enterprises still don’t have a multi-layer security strategy covering mobile devices, as evidenced by a major theft of unencrypted laptops.

• A Dishonest Assassin App—Apparently, hackers developed a fake Assassin’s Creed app to target Russian game players in the latest attempt by criminals to use a love of gaming to steal personal data. Fahmida Rashid of PC Magazine explains that Russian banks use SMS to authenticate payments, so by simply intercepting the SMS message, the bad guys can get access to a player’s account.

What stories were you following this week? We’d love to hear from you on the stories you’re tracking.

In the meantime, Happy Holidays!