Story image

Lax mobile security attitudes put banking & finance sectors at risk

24 Oct 2017

Financial institutions should take a closer look at the risks mobile devices bring to their businesses because as many as 28% of those devices are compromised or under attack – at least that’s the word according to Symantec’s Q2 2017 Mobile Threat Intelligence Report.

While keeping devices up to date with the latest operating security patch is one of the ‘simplest and most important’ precautions users can take, around 13.2% of devices are not running the current major version of the operating system and 99% may not be on the newest minor update.

Symantec says that mobile devices often have fewer security measures; are on and connected 24/7; connect to public WiFi networks; blend business and personal activities; and have more attack vectors such as SMS, email, apps and WiFi.

“Combined, these factors make mobile exploits very attractive, and there are many creative social engineering exploits that will fool even the most cautious financial executive, especially when the ploy could be business or personally oriented to compromise the same device,” the report says.

Between April 1 and June 30, 2017, 15.3% of devices encountered network attacks and 25.9% had unpatched vulnerabilities.

According to Symantec’s Brian Duckering, security experts and financial institutions are familiar with the stats.

He mentions in a blog that financial breaches are still happening, and are the most costly of any industry.

“Because of how user notifications might work (or not work), most users and enterprises don’t know when upgrades with security patches are available. Some Android users may never get a notice for their device at all! Then it’s left up to the enterprise and its users to install those patches, which exacerbates this critical gap in mobile security,” he explains.

The report also cites rooted and jailbroken devices as methods both end users and hackers use to gain more control of their devices.

“Because of the greater control over the device that this affords, it is a common goal of hackers to figure out ways to root or jailbreak devices, and malware is a common way to do that. A user that roots or jailbreaks their own device should be aware that they may be simply making it easier for hackers to exploit, so it is not generally recommended,” the report notes.

Here are five rules to follow to dramatically reduce the risk of mobile cyber attacks:

  • Don’t click, install or connect to anything that you are not confident is safe
  • Only install apps from reputable app stores
  • Don’t perform sensitive work on your device while connected to a network you don’t trust
  • Always update to the latest security patch as soon as it is available for your device
  • Protect your device with a free mobile security app.
Opinion: BYOD can be secure with the right measures
Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.
Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.
Developing APAC countries most vulnerable to malware - Microsoft
“As cyberattacks continue to increase in frequency and sophistication, understanding prevalent cyberthreats and how to limit their impact has become an imperative.”
Worldwide spending on security to reach $103.1bil in 2019 - IDC
Managed security services will be the largest technology category in 2019.
Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.