Security vendors failing to tackle mobile malware, say CISOs

Smaller point solutions are dominating the market, as traditional vendors get left behind

Malware is still the biggest threat to mobile security, but most mobile device management (MDM) strategies tend to focus on securing the physical device in case of loss of theft, rather than protecting from cyber threats, according to Peter Gibbons, head of Information Security at Network Rail.

Speaking at the Infosecurity Europe 2013 press conference in London this week, Gibbons said that although mobile malware still only represents a tiny fraction of the total amount of malware in the world today, it is growing exponentially.

"Sooner or later someone is going it get it right and find a vulnerability in iOS or Android or Windows 8 - whatever it happens to be - and they're going to cause a significant loss of data through injected malware. In my view it's a matter of time," he said.

Gibbons said that the scarcity of anti-malware products for mobile is a result of the way the security industry has evolved. Fifteen or twenty years ago it was all about anti-virus and firewalls and intrusion detection, but more recently the industry has become more concerned with protecting data.

"We started progressing away from securing the platform to securing the data, and then we got a new platform and it hasn't had that experience built into it, so I think there is a general naivety around that," he said.

The traditional security vendors have also been slow to come up with mobile-specific security solutions, which has resulted in the market becoming dominated by smaller MDM companies like TouchDown and Good Technology, according to Gibbons.

"I get probably 10-15 calls a week from a technology vendor saying, can I come and meet you to tell me how brilliant my product is?" he said.

"When they're talking about mobile security technologies, it's not the big security companies. It's the smaller security companies, the single products, and they've broken into that market. I'm not getting McAfee and Symmantec asking about my mobile security."

Although the traditional vendors are being left behind, however, the industry as a whole is moving in the right direction according to Andrew Yeomans, board member of the Jericho Forum. He added that mobile malware is still a fairly low-level concern for Chief Information Security Officers (CISOs).

"We ought to be aware that it's a possibility, but it's not something that's going to make me lose a lot of sleep for quite a long time," he said.

Yeomans added that we are currently in the second phase of a major change in the security landscape. The first focused on controlling the network; then the network expanded and started connecting to thousands of devices, so the security moved down to the end points.

"The third phase is when we realise it's actually very expensive to do that, and most of the data we're passing round doesn't need protecting anyway, so let's move the protection down to the bits of data that actually matter to us," he said

"Then it doesn't matter where you go, you can't actually access those bit of data unless you've got the appropriate keys and permissions to do so."

The Infosecurity Europe summit takes place between 23-25 April 2013 at Earl's Court London.

Tags Mobile &ampsecurityNetworkingwireless

Comments

Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Enterprise Security Suite

Comprehensive protection from your internet gateway to your mail and file servers, desktops, laptops, and mobile devices, fully integrated and centrally managed.

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.