Beware the mobile threat

Life was much simpler in the days of flip phones and Wi-Fi-free coffee shops. Back then the biggest worries were scams involving people using a mobile device to surreptitiously make international phone calls or using unfamiliar computers to send important information.

As technology has changed, however, so too have the threats. Now a lost smartphone can result in a major network compromise, and laptops left in taxis or dropped thumb drives can trigger data-breach notification requirements — assuming, of course, that the IT department knows whether devices carried by employees are connected to the agency’s network or contain sensitive or classified information.

And the problem is only getting worse. Trend Micro’s 2013 second-quarter Security Roundup report identified a dramatic increase in the amount of malware aimed at mobile devices that use the Android operating system. The report shows that the number of malicious and high-risk Android applications had grown to 718,000 in the second quarter of 2013, up from 509,000 in the previous quarter. Trend Micro expects the total number of malicious applications to exceed 1 million by year’s end.

McAfee, in contrast, identified a much smaller but still eye-popping number of mobile malware threats. For the first quarter of 2013, it identified 50,926 pieces of mobile malware. By comparison, for all of 2011, the company gathered only 792 samples. Most of the mobile malware was aimed at Android devices. (McAfee’s malware figures were lower because it categorized mobile malware differently.)

The types of threats are evolving as well. Kaspersky Lab recently identified mobile malware that is designed to leap to desktop devices.

And the threats don’t just come from mobile malware. Security researchers recently identified malware installed in USB ports that issues malicious commands to mobile devices plugged in for recharging. And then there are the concerns about connecting to unsecured public Wi-Fi signals, which can easily be monitored for valuable information.

This list of threats is far from complete or static. But it illustrates that mobile devices pose a serious cybersecurity threat to IT enterprises, and as other devices are locked down, attacks involving mobile malware will only increase. All of this is compounded by the “bring your own device” revolution, which has given employees access to company or agency networks via their personal devices.

Admitting that we have a security problem is the first step to mitigation. By recognizing the threats posed by mobile devices, administrators can now turn to security measures. Obviously, every agency is going to need a specialized approach, but some basic security steps would include:

  • Develop and implement a specific BYOD policy to manage personal devices connected to the agency’s networks.
  • Lock down agency-issued laptops and other mobile devices so that only certain programs can be downloaded and only specific information (if any) can be removed from the device.
  • Institute policies regarding connecting to networks when traveling.
  • Enforce strict policies regarding the carrying or use of mobile devices when traveling overseas, especially in areas where thefts of mobile devices or deliberate breaches are commonplace.
  • Inventory mobile devices regularly; knowing which devices should be connected to a network will help administrators manage the security process.

Mobile devices must be treated with the same responsibility and security measures as any other electronic device. Although they can dramatically increase efficiency and even employee satisfaction, they are yet another threat vector to worry about. Failure to secure them accordingly could lead to unwanted results.

About the Author

Brian E. Finch is a partner at Dickstein Shapiro.

Reader comments

Fri, Oct 25, 2013 Brian Rivas Rockford, IL

This is WAY overblown, especially with regard to Android. There are more than a billion devices in use right now and only a small fraction will ever get infected. Google, Airpush, Lookout, Samsung and a host of other highly responsible hardware and software solutions providers have reached deals, created safeguards and raised public knowledge to such an extent that mobile consumers are now, in my opinion, safer than they have ever been.
