Survey exposes lax mobile security

By Bill Brenner, Senior News Writer 04 Apr 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Company executives claim they spend considerable time worrying about the security of smartphones and other wireless devices proliferating across their enterprises. But the steps they're taking to keep the bad guys at bay often fall short of what's needed.

Cupertino, Calif.-based AV firm Symantec Corp. reached that conclusion after mulling over the results of a survey (.pdf) The Economist conducted on its behalf.

Paul Miller, Symantec's director of mobile and wireless, said he was taken aback by the contradictive results. On one hand, 82% of the nearly 250 company executives surveyed by London's The Economist Intelligence Unit Ltd. research firm said they see the damage from virus attacks as the same or greater on a mobile network than on a fixed network. Yet only 26% have actually assessed the security risks of smartphones, compared with 81% of enterprises that have assessed their laptop security.

Despite the proliferation of mobile device use in the enterprise, only 9% of respondents said they've deployed a comprehensive security architecture designed to include mobile device access. Meanwhile, 39% said they have granted mobile devices access to the corporate network on an ad hoc basis, and 39% have also integrated mobile devices into the security architecture of their existing fixed networks. Meanwhile, almost 20% of businesses have suffered financial loss due to attacks targeting mobile data platforms.

Miller said too many enterprises use outdated security paradigms. "In today's enterprise, there are multiple endpoints to account for and proper protection cannot be tackled as one-size-fits-all," he said. "Three out of four companies do not specifically address smartphones in their security plan, even though they recognize the threat to mobile devices is as great as the threat to wired devices."

More on mobile security Check out our recent special series Unwired, which examined how organizations in four different business sectors are dealing with wireless security. Patients, PDAs and patches Preventing danger on the rails One hotspot, 910 square miles A wireless threat to student safety

The results also indicate Western Europe is best prepared for wireless device threats, while the U.S. is least prepared. Fifty-five percent of respondents from Western European businesses said they've deployed security software to protect mobile data, compared to 44% in Asia-Pacific and just 36% in North America.

And while 39% of enterprises are increasing the use of mobile technology without taking the proper security precautions, about 60% of them are letting security concerns hold back handheld device deployments.

"Security is the one particular issue that continues to impede the widespread adoption of mobile computing in the workplace and if it continues to be overlooked, there is a danger that some businesses will miss the advantages mobility can bring to their workforces," Gareth Lofthouse, director of custom research for The Economist Intelligence Unit, said in a statement.

Miller said Symantec's most recent threat report illustrates why enterprises must solve their wireless device security problems. It showed that malware targeting mobile devices -- particularly smartphones -- continued to grow through the second half of 2005.

The report also highlighted several new examples of malware for smartphones including Cardtrp, the first cross-platform threat with the ability to affect both Symbian and Windows operating systems. The end of 2005 also saw the emergence of Pbstealer, distributed as a file that represents itself as a phone book utility for smartphones in order to entice a user to download and execute it. Once a device has been compromised by one of these Trojan horses, Miller noted, information such as the user's phonebook, notepad, calendar, and to-do list will be transmitted to Bluetooth-enabled devices that are within range.

Asked what enterprises should do to bolster wireless device security, Miller said, "Our recommendation is always defense in depth. Our view is that smartphones are part of the endpoint and enterprises need to adjust their overall endpoint security to account for this." Endpoint security is a strategy in which security software is distributed to end-user devices but centrally managed.

"Employees must be trained to think of smartphones the same way they think of laptops -- they contain the same data and need to be cared for the same way," he said.

Companies can begin leveraging mobile technology as a competitive advantage by adding mobile protection to 5 or 10% of their mobile workforce and heeding to best practices, Miller said, adding, "This measured approach will help tremendously in preparing for major deployment."

Tags: Security Industry Market Trends, Predictions and Forecasts,  Handheld and Mobile Device Security Best Practices,  Information Security Policies, Procedures and Guidelines,  Smartphone and PDA Viruses and Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security Industry Market Trends, Predictions and Forecasts M86 buys Web security gateway vendor Finjan Information Security Decisions 2009: Presentation downloads Bruce Schneier on outsourcing, awareness training Marcus Ranum on cyberwarfare, infosec careers McAfee survey finds faults in midmarket enterprise security Email archiving vendor sues Gartner over Magic Quadrant Information Security magazine October issue PDF Editor's Desk: Security 7 Winners Chronicle Trends That Shape The Industry Information Security magazine Security 7 Award winners Security Squad: Privacy gone awry Security Industry Market Trends, Predictions and Forecasts Research Handheld and Mobile Device Security Best Practices Researchers find thousands of flawed embedded devices Best Mobile Data Security Products Should Windows Mobile updates come from Microsoft? MMS messaging spoof hack could have global ramifications How to prevent mobile phone spying Unified communications: Securing a converged infrastructure RIM patches serious BlackBerry Attachment Service flaws How secure are iPhone App Store mobile applications? Is there a spy on my mobile device? Mobile phones win during Pwn2Own contest Handheld and Mobile Device Security Best Practices Research Information Security Policies, Procedures and Guidelines Essential guide: Pandemic planning for H1N1 Whitelists, SaaS modify traditional security, tackle flaws Melissa Hathaway urges more cooperation, government attention to cybersecurity Reuters: Obama ready to select cyber security czar How a corporate Twitter policy can combat social network threats Should enterprises be concerned with Twitter in the workplace? Information security management hype: Debunking best practices Data breach avoidance begins with security basics, panel says Expert: Information security spending often restricts innovation GAO report cites government weaknesses, data leakage

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary backscatter body scanning  (SearchSecurity.com) marketecture  (SearchSecurity.com) NCSA  (SearchSecurity.com) Palladium  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary