Survey exposes lax mobile security

By Bill Brenner, Senior News Writer 04 Apr 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Company executives claim they spend considerable time worrying about the security of smartphones and other wireless devices proliferating across their enterprises. But the steps they're taking to keep the bad guys at bay often fall short of what's needed.

Cupertino, Calif.-based AV firm Symantec Corp. reached that conclusion after mulling over the results of a survey (.pdf) The Economist conducted on its behalf.

Paul Miller, Symantec's director of mobile and wireless, said he was taken aback by the contradictive results. On one hand, 82% of the nearly 250 company executives surveyed by London's The Economist Intelligence Unit Ltd. research firm said they see the damage from virus attacks as the same or greater on a mobile network than on a fixed network. Yet only 26% have actually assessed the security risks of smartphones, compared with 81% of enterprises that have assessed their laptop security.

Despite the proliferation of mobile device use in the enterprise, only 9% of respondents said they've deployed a comprehensive security architecture designed to include mobile device access. Meanwhile, 39% said they have granted mobile devices access to the corporate network on an ad hoc basis, and 39% have also integrated mobile devices into the security architecture of their existing fixed networks. Meanwhile, almost 20% of businesses have suffered financial loss due to attacks targeting mobile data platforms.

Miller said too many enterprises use outdated security paradigms. "In today's enterprise, there are multiple endpoints to account for and proper protection cannot be tackled as one-size-fits-all," he said. "Three out of four companies do not specifically address smartphones in their security plan, even though they recognize the threat to mobile devices is as great as the threat to wired devices."

More on mobile security Check out our recent special series Unwired, which examined how organizations in four different business sectors are dealing with wireless security. Patients, PDAs and patches Preventing danger on the rails One hotspot, 910 square miles A wireless threat to student safety

The results also indicate Western Europe is best prepared for wireless device threats, while the U.S. is least prepared. Fifty-five percent of respondents from Western European businesses said they've deployed security software to protect mobile data, compared to 44% in Asia-Pacific and just 36% in North America.

And while 39% of enterprises are increasing the use of mobile technology without taking the proper security precautions, about 60% of them are letting security concerns hold back handheld device deployments.

"Security is the one particular issue that continues to impede the widespread adoption of mobile computing in the workplace and if it continues to be overlooked, there is a danger that some businesses will miss the advantages mobility can bring to their workforces," Gareth Lofthouse, director of custom research for The Economist Intelligence Unit, said in a statement.

Miller said Symantec's most recent threat report illustrates why enterprises must solve their wireless device security problems. It showed that malware targeting mobile devices -- particularly smartphones -- continued to grow through the second half of 2005.

The report also highlighted several new examples of malware for smartphones including Cardtrp, the first cross-platform threat with the ability to affect both Symbian and Windows operating systems. The end of 2005 also saw the emergence of Pbstealer, distributed as a file that represents itself as a phone book utility for smartphones in order to entice a user to download and execute it. Once a device has been compromised by one of these Trojan horses, Miller noted, information such as the user's phonebook, notepad, calendar, and to-do list will be transmitted to Bluetooth-enabled devices that are within range.

Asked what enterprises should do to bolster wireless device security, Miller said, "Our recommendation is always defense in depth. Our view is that smartphones are part of the endpoint and enterprises need to adjust their overall endpoint security to account for this." Endpoint security is a strategy in which security software is distributed to end-user devices but centrally managed.

"Employees must be trained to think of smartphones the same way they think of laptops -- they contain the same data and need to be cared for the same way," he said.

Companies can begin leveraging mobile technology as a competitive advantage by adding mobile protection to 5 or 10% of their mobile workforce and heeding to best practices, Miller said, adding, "This measured approach will help tremendously in preparing for major deployment."

Tags: Security Industry Market Trends, Predictions and Forecasts,  Handheld and Mobile Device Security Best Practices,  Information Security Policies, Procedures and Guidelines,  Smartphone and PDA Viruses and Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security Industry Market Trends, Predictions and Forecasts Cybersecurity czar candidate questions clout of new position Gartner sees better days ahead for security budgets Sophos CEO on Symantec, McAfee after Utimaco acquisition WH cybersecurity plan needs private sector guidance Obama announces creation of cybersecurity coordinator position Security budgets take hit in media, tech industry, survey finds Cybersecurity Act of 2009: Power grab, or necessary step? Opinion: Gartner gets NAC wrong, again Cloud computing security group releases report outlining trouble areas White House cybersecurity advisor calls for public-private cooperation Security Industry Market Trends, Predictions and Forecasts Research Handheld and Mobile Device Security Best Practices How to prevent mobile phone spying Unified communications: Securing a converged infrastructure RIM patches serious BlackBerry Attachment Service flaws How secure are iPhone App Store mobile applications? Is there a spy on my mobile device? Mobile phones win during Pwn2Own contest Latest Apple iPhone features prompt security concerns Apple iPhone app could boost two-factor What Obama's Blackberry means for mobile device security SMS mobile worm attacks Symbian smartphones Handheld and Mobile Device Security Best Practices Research Information Security Policies, Procedures and Guidelines Twitter risks, Facebook threats trouble security pros Cybersecurity czar candidate questions clout of new position Incident response planning The basics of enterprise GRC project management RSA council addresses growing security risks in the cloud How to write a risk methodology that blends business, security needs Risk management must include physical-logical security convergence DHS fills National Cybersecurity Center post New partnerships, creative thinking help security bust recession Experts optimistic of Obama cybersecurity plan

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary backscatter body scanning  (SearchSecurity.com) marketecture  (SearchSecurity.com) NCSA  (SearchSecurity.com) Palladium  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary