Simply Security - News, Views, and Opinions from Trend Micro

Posted on September 11th, 2012 in Mobility by Simply Security | Be the first to comment | Tags: Mobility

Wall Street firms should anticipate more advanced data security threats targeting mobile users.

Following news of a security breach that may have leaked as many as 12 million ID numbers from Apple devices, analysts are warning users of the soon-to-be-released iPhone 5 about a flood of potential security risks. In particular, Wall Street firms should anticipate more advanced data security threats targeting mobile users as more employees store sensitive information on their phones and more businesses implement BYOD (Bring your own Device) programs.

Apple’s challenge

Although Apple has always maintained claims that their brand is resilient against malware, the company’s growing mobile market share makes it an increasingly attractive target for hackers. A recent comScore report noted that more than a third of U.S. smartphone users own iPhones, and the release of the iPhone 5, later this month, is expected to build upon this trend with robust sales. Given the size of the Apple user base, these devices are likely to draw more malicious attention, according a recent Wall Street and Technology article.

“What you will see is a lot more attacks against Apple products,” Shirley Inscoe, a senior analyst at Aite Group, told the publication, noting a prominent recent malware attack against Macs. “Ninety out of the top 100 free applications that are downloaded have malware. Those are being downloaded by Apple users as much as others,” she added, noting that, while malware is more of an issue on Android devices, both platforms are particularly at risk from infected apps. These constitute one of the biggest mobile security vulnerabilities to Wall Street Firms, whose employees may be drawn to free apps on the same devices they use for trading.

A growing trend

The increasing popularity of BYOD means that many iPhone users in the financial services industry are handling trading and banking transactions on their mobile device, potentially exposing a range of valuable financial information to hackers. Additionally, it is common for people to store personal data such as contacts, lists of web passwords and scheduling information on their smartphones.

“[People] don’t realize how compromising it is if they lose their phone,” Inscoe warned Wall Street and Technology.

At the same time, she said, most users pay far less attention to protecting their mobile devices than they do to their laptops. Many people do not protect their smartphones, and even passcode-protected devices are relatively easy to hack. Since mobile phones are replacing laptops as a platform for online banking and financial transactions, there is an increased incentive for hackers, too. Recent studies have shown dramatic increases in Android malware, and, while Apple scans apps in its store for known malware, unexpected threats can still go undetected.

Improved anti-malware and mobile device management software can stop many threats, according to analysts like AV-test.org, which reported in March that tests of various Android anti-malware products had detected more than 90 percent of infections. However, many users still remain unprotected.

Protecting against mobile security risks

Firms and individual users can improve mobile security with a few basic measures, Wall Street and Technology reported.

Smartphone users should be aware that they can remotely delete personal information from a lost device if they know how to do this. Firms may want to monitor the apps their employees can download and veto certain choices, particularly free apps, that could pose data security risks. Employers can also implement mobile device management software to run tests on employee devices that search for infections and to help prevent them. As Wall Street firms move to an increasingly mobile approach, focus on mobile security is likely increase.

Data Security News from SimplySecurity.com by Trend Micro