For years, malware vendors have hyped the coming mobile malware apocalypse, and yet few enterprises have had any reason to give mobile malware risk a second thought. So is enterprise mobile malware a legitimate concern?
According to Chester Wisniewski, senior security advisor for Abingdon, U.K.-based antivirus vendor Sophos Ltd., the answer is, "It depends."
In this interview, recorded at the 2014 RSA Conference, Wisniewski offered an overview of the mobile malware landscape. He said that the majority of mobile malware affects Android devices, and while evidence clearly indicates the volume of new daily mobile malware samples is increasing and attackers are finding creative ways to utilize infected devices, the risk for most organizations is still fairly low.
"There's certainly a lot of fear about it and huge quantities of it," Wisniewski said. "But if you're following best practices and you're controlling your environment for mobile, there's very little risk in a well-managed environment."
Wisniewski also discussed how malware authors are using Windows malware techniques to obfuscate mobile malware, where mobile malware detection and prevention software stands in its evolution, and how Apple's secrecy limits the industry's understanding of iOS mobile device security.