Mobile menace

As employees increasingly use mobile devices, the threat of viruses in the workspace is growing.

  • E-Mail
By  Administrator Published  March 21, 2008

With employees increasingly using mobile devices such as laptops and PDAs to access email and the internet while on the move, the threat of viruses entering the workspace is growing. Nimer Ghazal, regional sales manager for IT security specialist Secure Computing Corporation, tells CommsMEA about the extent of the problem, and how companies should work to protect themselves.

Are viruses proving to be a big problem for mobile devices?

Nimer Ghazal: The problem of mobile viruses is relatively small compared to the problem in the computer space. However, a lot of mobile users now use the internet on their mobile phones, which exposes them to a higher level of risk. The problem will definitely grow if enterprises do not extend the internet usage policy data protection and anti-malware protection to their remote workers' mobile devices.

Is there a problem with employees bringing potentially infected laptops into work, and plugging them in to the network?

NG: Yes, for sure if they allow their employees unfiltered Internet access outside of the office then the chances that these mobile devices have a malware infection will rise significantly.

Is there a lot of ignorance of the problem?

NG: Enterprises in the Middle East currently do not look at this as a major threat to their systems simply because internet usage on mobile phones is not widely used, mainly due to the high costs of using such service.

Are viruses actually targeting mobile devices as an easier means of getting into networks?

NG: Yes, there have been examples already of RIM and iPhone vulnerabilities that could have led to targeted attacks, stealing sensitive corporate data. I believe this is becoming a real issue as more and more organisations provide their mobile workforce with web 2.0 capable devices that are also able to gain deeper access to corporate data.

As mobile devices become more complex and capable in the Web 2.0 world, there is a greater chance that cyber criminals will discover more vulnerabilities.

These vulnerabilities, combined with the increased usage of mobile phones to access corporate information remotely through the internet, will quickly become primary targets for organised crime.

I believe a proactive approach should be put in place immediately. Today there is technology that is available to corporates and mobile operators to help them reduce the risk of these targeted Web 2.0 attacks and I believe organisations should implement these security systems in case a large scale mobile worm spreads.

What are the main vulnerabilities on devices such as RIM and i-phone? What kind of targeted attacks have occurred?

Typically application vulnerabilities that render the device open to data theft. Resale of confidential data on the black market is one of the biggest drivers for these types of targeted attacks.

Is it possible for a virus to pass from a mobile device to a company's network?

NG: I'm not sure there has been such an occurrence - typically attacks are targeted to a particular device and that attack will not work on any other platform. The main threat is of course data theft and this type of attack works across multiple platforms and parts of the network including the email system.

There are a number of studies that show that up to 80% of the companies confidential data is contained in their email system.

What can users and companies do to protect themselves from the threat?

NG: Companies should have clear security polices for mobile usage to access websites and should implement strict security measures against malware which is spread through malicious websites.

These security policies should also control what type of access to the corporate network employees have, while working remotely, and in addition they should enforce the use of encryption for sensitive data at rest on the device, or data in motion to and from the device.

Network operators can also help by implementing proactive, reputation-based anti-malware systems and can block the user's access to malicious websites and content in real time, as new threats emerge.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code