Home / / Cisco cyber-sec exec cautions against malware alarmism

Cisco cyber-sec exec cautions against malware alarmism

Security specialist says some reports on threat landscape do not add up

Cisco cyber-sec exec cautions against malware alarmism

A senior Cisco cyber-security specialist has urged care when interpreting the many reports from researchers and security vendors on the spread of malware.

In an email exchange with ITP.net about software vulnerability exploits, for this month's Cyber Kung Fu Master Class, Stuart Hatto, CISSP (Certified Information Systems Security Professional), field product manager, EMEA, Cisco Security, said some reports on the growing threat landscape were suspect.

Hatto agreed that mobile platforms and smart devices have stretched the attack surface, offering more entry points to cyber criminals, but suggested that caution was needed when considering the many figures on threat detection and malware growth.

He cited one set of figures that claim 97% of mobile malware affects Google's Android.

"Statistically, this is twisting the facts," he told ITP.net, "because while it's true that 97% of mobile devices run Android, you cannot extrapolate that this means 97% of Android apps contain malware."

Hatto made his comments as part of a wider discussion about software vulnerabilities, covering their origin and methods for detection, as well as protection strategies for users and vendors. But, while accepting that many mobile apps and desktop applications were riddled with flaws, he doubts the scale touted by some sources.

"We recently saw a report claiming that an assessment of 7m mobile apps concluded that there had been an increase of 500% in mobile malware," he said. "Headline-grabbing figures, but not when you consider that the combined number of AppStore and Google Play apps was only 2.5m in total as of July last year. Add in other stores such as Amazon Marketplace and the number is close to 3m, but certainly not 7m. Security companies are hyperbolising but it is likely a few thousand apps do contain malware."

You can read the complete feature on software vulnerabilities, their implications and some advice for users and vendors, from Thursday 28 May.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.