Another big security problem for users is the amount of phishing that has been taking place, as 9.2 million Americans said they were victims of a such an attack within the past year. The key to this has likely been the use of big names to trick people into opening emails and visiting websites, as cybercriminals used PayPal, Visa, Facebook and banks to try to trick people so they could infect their PCs. Consumer Reports said hundreds of thousands of people lost money from a bank accounts as a result of this scheme.

Facebook was issue in and of itself, as 9.8 million people had their accounts used by an unauthorized party. This has caused a lot of fake information to be placed on the social media website, as 28.5 million Facebook users changed personal information to protect their identity.

Consumer Reports also found that smartphones can be a worry for data security as well, as about 40 percent of people surveyed said they didn't even take minimal security measures, such as screen lock, data backup or a device location app to help keep their device safe.

"Last year, 5.6 million smartphone users experienced undesired behavior on their phones such as the sending of unauthorized text messages or the accessing of accounts without their permission, our survey projects," the organization said on its website. "According to experts, those are symptoms indicating the presence of malicious software."

While the rate of malware infecting these devices, 5 percent, was much lower than the 31 percent that infects home computers, Consumer Reports said it is troubling due to the fact that security infractions are becoming more common on iPhones, Androids and other devices where users seem to feel too safe for their own good. About 1.2 smartphone users were charged for calls or texts they never made and experienced harassment, data loss or identity theft after this incident. The natures of these devices may make them much harder to secure than many had anticipated, but securing smartphone devices is now a must for business.

Consumerization News from SimplySecurity.com by Trend Micro.

"If you were a security leader back in the early days of 802.11, you were likely against implementation of wireless LANs in your enterprise," he said. "No guest accounts, no free Internet access in conference rooms, ban wireless cards in laptops and definitely no ubiquitous access around the company campus. Who would have thought that McDonalds would offer free WiFi around the world a decade later?"

Even back in his early days in IT, Lohrmann said he did not want Wi-Fi within the state of Michigan, adding that he almost lost his job fighting against the adoption of the technology. Now, Wi-Fi is part of everyone's lives and the technology has evolved to the point where most are comfortable in its security and new battles have emerged. BYOD is now the emerging and impending topic that companies are worried about. While Lohrmann agrees with BYOD bringing security issues, the trend rings a familiar bell to anyone who was previously dealing with controlling and securing Wi-Fi.

He pointed out that many are still worried about the security of the BYOD program but may not be taking the right steps. Quoting a study from eWeek, he said there seems to be new industry trends coming from BYOD.

"A survey of BYOD participants found there is widespread acceptance of personal device use, but lax security controls," eWeek said. "Ninety percent of U.S. employees used their personal smartphones for work within the past year, yet only 46 percent believe their employers are prepared for any issues that could arise from BYOD."

Being scared should not mean no adoption
Even if companies are somewhat put off by the BYOD trend, Lohrmann wrote on CSO that the proverbial BYOD ship is starting to leave the dock. Fighting the future is pointless, he said, so companies should be looking at crafting BYOD policies and making sure everything is as secure as possible within the company's network. The industry is still very new, so businesses have their chance to make a mark and figure out new and improved ways to secure and use a BYOD program to their advantage.

Steps to becoming secure 
ReadWrite said security in BYOD will always be a concern that companies have, but that does not mean that it cannot be kept secure. There are a few steps every company can and should take for the best possible security of BYOD, including making sure employees are educated as to how they can be the safest on their devices. Giving user training, security desk training and developer training are all great steps toward becoming more secure in a mobile program.

"With its favorable cost-benefit ratio, education is low-hanging fruit," the website said. "In the IT manager survey referenced earlier, managers from all four participating countries that had begun securing their BYOD systems had most commonly implemented device management rules and an employee code of conduct. Employee education is a rewarding place to start, but – based on the fact that security concerns persist – it is obviously not a standalone solution."

Another important step that no company can leave out is securing their data. ReadWrite said the devices in the future may be completely different than anything that is out today , so it is important to ensure the organization has a tight grip on data ahead of everything else. The website said data security can come from purchasing or creating containerized applications for every platform or other ways that each individual business may see fit to use.

It will also be essential for each business to select the correct type of hardware to use to help make sure the software-based security is as safe as possible. Whether this means choosing a 100 percent Windows-based system or selecting the right kind of management tools, it is essential for organizations to have all the right equipment to stay secure over the long haul.

"Finally, selecting the right hardware can make other software options more viable," ReadWrite said. "For example, VHD's biggest drawback is performance. Hardware that accelerates common virtualization tasks can mitigate that sluggishness, making the security of VHD more acceptable to users."

Consumerization News from SimplySecurity.com by Trend Micro.

J. Nicholas Hoover wrote on InformationWeek that the Army has been some of the most passionate advocates of mobile devices in the military, with CIO Mike Krieger saying that they are trying to push the envelope and move quickly into the BYOD era. However, the inspector general said in the report that there needs to be a more comprehensive set of policies for use of devices and removable media as well as better training of those planning on using mobile devices in the field.

"As part of the study, the inspector general visited the U.S. Military Academy and the Army Corps of Engineers' Engineer Research and Development Center, each of which has pilot and other mobile device efforts underway," Hoover said. "However, neither organization got CIO authorization to use or even in some cases to test a large portion of their mobile devices, which left the Army CIO unaware of more than 600 mobile devices actively in use."

There was also incomplete and inconsistent use of management software for mobile devices, the report found, with employees and soldiers alike storing personal and even sensitive data on these devices.

Wired.com said an inspection at West Point showed that 15 out of the 48 devices audited didn't even have passwords set up, a definite data security blunder. Assistant inspector general Alice F. Carey wrote in the report that if devices remained unsecured, malicious activity could disrupt Army tasks. Outside of passwords, the improperly used smartphones and tablets had potential to trigger data leaks and attract cybersecurity attacks, the report said, with many of the devices said to not be properly connecting while still gaining and storing sensitive information.

"Some of the data security failings are more mundane," Wired said. "Commercially purchased devices should be set up so the data on them can be wiped remotely, according to Pentagon regulations, but because of the lax requirements on configuration, two devices stolen from the home of an Army Corps of Engineers employee couldn't be remotely restored to its factory settings. (And again, don't bother reminding them that there's a bunch of data that stays latent even after a wipe.)"

VA stalls on BYOD as well
Going along with the theme of soldiers, Hoover reported in a previous story that the U.S. Department of Veteran Affairs, which has been planning on letting employees use their own devices, will not move ahead until they can resolve legal issues that exist. This is another stumbling block in a plan that has, thus far, been riddled with them across the entire U.S. government.

Acting VA CIO Stephen Warren said they still have not gotten a "clean read" on the legality of rights and responsibilities on dual use devices. He said the agency will be holding off on plans altogether until they can figure that out.

"I would hate to lay out false expectations for the department as to what [information it can get to, or to our employees in terms of privacy," Warren said, according to InformationWeek.

Consumerization News from SimplySecurity.com by Trend Micro

"Endpoints are as hard to define as they are to protect," he wrote on the website. "The term traditionally referred to desktops and laptops, but endpoints now encompass smartphones, tablets, point-of-sale machines, bar code scanners, multifunction printers and practically any other device that connects to the company network. Without a well-conceived strategy, keeping track of and securing these devices is difficult and frustrating."

Coupling with this is the fact that these endpoints are as vulnerable as they ever have been with zero-day attacks against Java and Adobe happening in recent months. HD Moore, chief security officer for vulnerability management firm Rapid7, told Sawyer that companies have to get serious about protecting internal networks, as it has been common knowledge for years that firewalls are not enough to eliminate the threat of viruses and other malicious software.

There are ways to make sure endpoints are more secured, according to Sawyer, including:
- Make sure iOS, Android, apps and other endpoints are updated to account for anything that may end up being a security risk
- Train users on security best practices to promote a healthy sense of caution to those that are using devices within a company
- Endpoint hardening techniques via new security products should also be researched, as this could help add new views of security through controls. There are also new techniques that companies may want to try out in order to add new layers of security which were not previously in place

"These include practices such as the principle of least privilege, whereby users are granted only the account privileges they need to do their jobs; segregation of duties, which requires more than one person to make critical changes; and need to know, under which access to resources is limited to those who must have it," Sawyer wrote on Dark Reading.

Breaking rules can cause problems
Not following these rules can cause problems. According to Ponemon Institute's recent 2013 State of the Endpoint report, 60 percent of respondents said they allow admin rights to some of all users in the environment, something that could cause a greater number of threats.

Other numbers from the Ponemon report highlight some compelling reasons for increasing security at the endpoint level, including that 80 percent of respondents believe mobile data bearing devices and laptops cause a significant security risk, 58 percent of respondents had more than 25 percent of malware attempts each month and 85 percent are increasingly concerned about Mac malware and infections.

"The greatest rise in IT security risk is occurring across mobile devices and third-party applications," Ponemon's report said. "According to respondents, the risks caused by mobile devices such as smartphones and removable media and vulnerabilities in third-party applications have gained significantly since 2010 … In 2010, only 9 percent of respondents said mobile devices was a rising threat. This year 73 percent see it as one of the greatest risks within the IT environment."

Sawyer wrote on Dark Reading that having all technological policies, whether desktop, laptop, mobile and other formats should make sure that attacks are less successful and leaks are less prevalent. This should include system audits, security configuration and putting a unique password on each local host. Data security must be taken seriously no matter what format is being used.

Consumerization News from SimplySecurity.com by Trend Micro.

“With this, both new and existing mobile applications on the BlackBerry World application store will be scanned for potentially malicious behavior, thus adding an extra layer of security between the malware writers and the end mobile users,” according to a post on ZDNet. “With this, both new and existing mobile applications on the BlackBerry World application store will be scanned for potentially malicious behavior, thus adding an extra layer of security between the malware writers and the end mobile users.”

Adrian Stone, director of security response and threat analysis at BlackBerry, said that the companies want to address privacy and security concern of these third-party apps with this new teaming. Kevin Simzer, vice president of corporate development and alliances at Trend Micro, said the increasing volume of malware and high-risk apps means that cybercriminals are more active in trying to target and attack mobile endpoints. With this in mind, mobile security must be fortified across the board in an effort to slow down the negative effects of this type of malicious software.

Trend Micro has scanned more than 2 million mobile applications with its technology. In concert with BlackBerry, the companies want to be sure that URLs, emails, files and applications are continuously updated and in line with current threat libraries. This way, any new threat that comes to light can be immediately stomped out and will not negatively affect users.

Mobile malware hits high water mark 
This duo comes together after Trend Micro made predictions for 2013 which show that the threat of malware on non-PC devices is larger than ever. Android will take the brunt of the malicious software, according to the company, as it will see more than 1 million pieces of malware in the new year, but it is important for all devices to be as protected as possible.

“2012 showed that malware writers, spammers, and hackers have begun to capitalize upon the mobile market, with a particularly keen eye for attacking the Android platform,” ZDNet said about the predictions for the new year. “Not only does Google-owned Android have the greatest market share, therefore making it an easier target, it also has a more open platform to work with, compared to Windows Phone or the iOS-based platforms.”

Other key takeaways from this report:
- Malware for Android saw a growth in 2012 with about 350,000 threats detected, a growth ratio of 14:3 for Android versus PC.
- Java is still dangerous, especially for Apple iOS devices, as the company said it puts these devices in the “crosshairs of malware”
- Social media is a big reason why threats are looming large, as cybercriminals are able to easily pick and choose targets through websites like Facebook and Twitter
- Attacks are starting to become smarter and using professional development to improve their malicious programs

Avoiding mobile malware
TechTarget gave a few pieces of advice for users to avoid mobile malware on their handheld devices. People should make sure their host systems are syncing to devices in a way that is protected, have extra features such as Bluetooth disabled when on a company network, do not let the device automatically discover Wi-Fi networks and never click on links that are unknown.

“While it may seem a bit obvious, need to educate our users that, just as they should not click on every attachment sent to their PC email inbox, they should view unsolicited messages and software on PDAs and phones with suspicion,” the website said. “The malware released to date for phones and PDAs requires help from the victim in order to spread. No help, no virus.”

Consumerization News from SimplySecurity.com by Trend Micro.

“The mobile world is expanding and innovating at breathtaking speed, allowing consumers to do things that would have been hard to imagine only a few years ago,” said FTC Chairman Jon Leibowitz. “These best practices will help to safeguard consumer privacy and build trust in the mobile marketplace, ensuring that the market can continue to thrive.”

The FTC’s report recommends that mobile platforms should provide disclosures to consumers and attain their consent before allowing apps to contain sensitive data, such as where they are located. The agency also believes platforms should consider developing icons to depict transmission of their data, implementing a unified “dashboard” to let customers review the types of data collection they consent to and providing disclosures about other types of data they may collect, such as photos, contacts or calendar entries.

For developers of apps, the FTC said there should be a privacy policy in place, have disclosures for content and consider having a self-regulatory program to keep all apps in check.

“FTC staff strongly encourages companies in the mobile ecosystem to work expeditiously to implement the recommendations in this report,” the report said. “Doing so likely will result in enhancing the consumer trust that is so vital to companies operating in the mobile environment.  Moving forward, as the mobile landscape evolves, the FTC will continue to closely monitor developments in this space and consider additional ways it can help businesses effectively provide privacy information to consumers.”

The U.S. Food and Drug Administration has already offered up some guidelines of how it might look to rule over medical apps, according to MobiHealthNews. The agency said these guidelines were years in the making and focus on defining a medical app and also talking about what will not be covered. The FDA wants to put data security steps in place that each app, platform and developer needs to go through to be cleared for use.

Data Security News from SimplySecurity.com by Trend Micro

“It is becoming clear that this ‘BYO’ phenomena is dramatically impacting all elements of IT, not just devices,” Kemp wrote. “End users and departments for some time now have been BYO-ing Applications (‘BYOA’) in the form of deployments of Salesforce.com, Google Apps, etc., as well as business-oriented social networking apps such as Yammer (recently acquired by Microsoft) and Jive (a recent IPO). And these same users and departments are also even BYO-ing servers (‘BYOS’) by independently spinning up servers outside the firewall on Amazon and Rackspace.”

There are also people that bring their own files (BYOF) and documents by using websites like Dropbox and Box.com. As consumers have bought things on their own and used it how they wished in personal lives for many years, ownership is being taken in IT in a similar fashion, according to what Kemp wrote on Forbes. It’s also expanding how IT is being used within organizations, as it is no longer a department only thing to use a piece of technology. Aspects of IT such as security risk, devices used, access location and enterprise IT systems have gone from small to large within just the last 15 years, something that many did not see coming and companies are still trying to catch up with.

Saying ‘no’ may be dangerous 
​Thor Olavsrud quoted and industry insider on CIO.com who said that there is now more chaos in IT, but the department should be embracing this chaos, as consumerization and BYOD is something of an inevitability and should be secured as such. 

“In other words, if the IT organization responds by saying ‘no,’ users will turn to shadow IT to get what they want,” Olavsrud said. “And that’s not limited to … BYOD: Rogue employees will find a way to get their work done whether they require an unsanctioned device, application or a service like Dropbox.”

Consumerization News from SimplySecurity.com by Trend Micro

“This was a monumental growth from the 1,000 mobile malware we saw at the end of 2011,” Trend Micro said on its website. “Much of this growth was driven by adware and premium service abusers, which accounted for a sizable majority of the seen growth. The popularity of Android in the mobile space means that it is now facing threats similar to what has faced Windows in the desktop space. This threat grew and became more sophisticated throughout the entire year, and we expect that this will continue into 2013.”

Repeating History said 2012 saw a large increase of mobile malware as the months wore on due to the increase in the amount of Android malware that was detected. The third quarter especially saw a rise, as the number of detections went from 41,000 to 156,000, with a swift increase in the amount of what aggressive adware.

The Annual Security Roundup showed that premium service abusers were the biggest problem this year, taking up 40.6 percent of all mobile malware. These programs hijack a phone’s number and make charge calls to high-cost phone numbers, racking up huge charges on phone bills. Adware came in next, taking up about 38 percent of mobile malware. About 25 percent of malicious mobile programs stole data from the devices while nearly 23 percent installed more malicious files to the device. 

Cornerstones of good BYOD
The move toward more devices means companies will be adopting BYOD (Bring your own Device) more than ever. Although this will not completely solve the issue of mobile malware, it will help save companies a lot of headaches.

Benjamin Harris wrote on PhysBizTech that there are a few mainstays that companies should be focusing on in their BYOD program to stay secure, including:
- Have a data governance system in place to see where documents have been and who has viewed, stored or edited them
- Always encrypt the most sensitive data to avoid exploitation even if it does happen to leak out
- Know which devices are being used and have a program in place which centralizes security controls and expands visibility

Consumerization News from SimplySecurity.com by Trend Micro

"What specifically are these threats? Moving into 2013, there's a new level of attack emerging through the proliferation of cutting-edge methods of digital payment," he wrote on the website. "This involves more directed attacks that could culminate, effectively, in cyberterrorism, where an organized hacking group can cause mass chaos without necessarily stealing anything. "

Another worry for the new year is the proliferation of distributed denial-of-service (DDoS) attacks, which could bring down websites and restrict customers' data accessibility. Pravda wrote on American Banker that there have also been talks of a serious "Code Red" virus that may be lying in wait within the U.S. Department of Defense's computer systems and ready to take down many key agency infrastructures.

While it remains to be seen what, if anything, will come of the Code Red speculation, he said there is a need for all companies to prepare for the DDoS attacks and phishing attacks that have been hitting banks and other financial institutions hard. These may not be working on a large scale in most instances, but the small cases start to build up and can weigh down on companies.

"In the world of cybercrime, volume is what matters," Pravda wrote on American Banker. "We've begun to see exploits against the newest forms of security access, such as multifactor identification. Cybercriminals, like our digital devices, just keep getting smarter. Even though banks have their own networks, they already face and will continue to battle against a volume-related threat to their systems. Enough service requests can jam the system to the point of shutdown, as the rising tide of DDoS attacks has demonstrated."

New technology means new wave of cybercrime
With cutting edge tools comes new forms of malware and viruses that can take administrators by surprise while they're still learning on-the-job. ATM Marketplace said with mobile services and ATM kiosks expanding and integrating into other innovations, one report by ThreatMatrix shows that viruses and malware working against payment methods online will grow more dire in the new year.

A report from the company shows that threats that once affected only financial industry IT departments can now be executed on a smaller scale and try to effect digital payments. Hackers who create this malware are looking to take advantage of the lagging effort of security officials in protecting their networks or apps. It will go beyond data breaches of individuals as well, the company said, as larger-scale breaches are expected to see an increase with this increase in technology.

"This year, cybercriminals have become so advanced that security professionals are struggling to detect many of their attacks in a timely manner," said Andreas Baumhof, chief technology officer at ThreatMetrix, according to the ATM Marketplace. "As nearly every industry is increasingly targeted, businesses and consumers must make cybersecurity a top priority in 2013 to prevent fraud and malware attacks."

He added that while data protection, cybersecurity and other forms of fraud prevention are necessary for companies, there must be sound strategies in place by the IT department as well, as many of these attacks could go beyond the technology these businesses have in place if it is a zero-day attack.

Security News from SimplySecurity.com by Trend Micro.

"Light and small enough that you don’t have to think about whether to bring it," Forrester said of tablets. "Long enough battery life that you don’t worry about whether to bring your charger – you just charge it at night. And instantly responsive, so you don’t get irritated or distracted while waiting for it to catch up with you. So 'hybrid' devices, call them PCs or tablets, that feature a keyboard and touch do qualify as a tablet in this definition if they meet the criteria above."

The website said that many tablet users will likely be using email more than most apps or features on their tablets, which could end up creating a strain on the company's email network and even hurt performance if a company is using virtual desktops.

Mobile applications for productivity have also become more popular due to the increased popularity of cloud computing. ReadWrite Enterprise said companies will need to keep on top of their network performance while gaging how BYOD affects their infrastructure.

"One possibility is to boost the use of flash memory on the server side as well as on the device side," the website said. "From cell phones to tablets, NAND flash powers just about every mobile device. But investing in flash on the server-side as well can help improve performance of specific applications and remove overall bottlenecks. As BYOD brings ever-more mobile devices into corporate environments, IT faces a very real challenge to keep up."

With many other aspects of IT, InfoSec Island said the key will lie within the management philosophy of BYOD. Ian Tibble wrote on the website that there is a certain difference by what employees should do and what they will do, so making sure there are clear guidelines in place for what they should be doing on BYOD is an important step for making sure data security is covered across the enterprise.

Consumerization News from SimplySecurity.com by Trend Micro.