Android & BYOD still putting business data at risk
The firm’s study, which polled more than 5,000 senior IT managers worldwide, found that just 32% of organisations surveyed have adopted a dedicated security policy exclusively for smartphones and tablets, and just 28% of companies worldwide have opted to deploy comprehensive mobile device management (MDM) technology.
Around 9% of responding organisations feel it is feasible to ban employees from using personal smartphones altogether in the workplace, yet 29% of businesses are granting their employees full access to the data in corporate networks via mobile devices. AMEinfo spoke to Alexander Erofeev, Kaspersky Lab’s Chief Marketing Officer, about the challenges of BYOD (bring your own device) and Android devices in particular.
“It used to be a paradigm that IT is about big devices. If you talk to old-school IT people, for them it’s all about something solid – the servers, desktops, laptops and so on. Secondly, when mobile phones hit the mainstream there was the feeling that it was the responsibility of the mobile operators to ensure security,” says Erofeev.
What has changed? The BYOD phenomenon, coupled with increasingly smart devices, explains Erofeev. “If you talk with any IT manager, he will likely be complaining about budget and personnel issues, so it’s unsurprising that IT teams have only taken responsibility for external devices when they really have had to,” he said.
Shooting Android fish in a barrel
The increases in mobile malware throughout 2012 were overwhelmingly Android-related. Mobile malware writers focussed their efforts almost entirely on Google’s little green robot, with 99% of all malware detected by most agencies, including Kaspersky Lab, found to be designed for Android.
The most widespread malicious objects detected on Android smartphones can be divided into three main groups: SMS Trojans, advertising modules and exploits to gain root access to smartphones.
The most widespread of these were SMS Trojans, primarily targeting users in Russia. This is hardly surprising considering the popularity of this type of malicious program among Russian malware writers. Exorbitantly priced text messages remain the best source of income for cybercriminals targeting mobile, according to securelist.com.
“Android is the most popular mobile platform. All threat economics are based on the theory of big numbers. It’s like you’re fishing in a very big lake, the bigger the net the more fish. Android has between 60% and 70% market share, so has naturally become a focus area for malevolent people,” Erofeev explains.
There is a fundamental technical difference between Android and iOS. The Apple Store strictly controls what goes on sale, while Android follows the way of Windows and the principle that made the OS widely popular: everything that has not been expressly prohibited is permitted.
This difference in policy is key to what makes Android apps potentially malicious, but it is also key to how the mobile OS has become so incredibly popular. As Erofeev puts it, “the Android ecosystem is more friendly, and it gives more opportunities to developers. The flipside is that it’s more vulnerable”.
So then, is the future of BYOD to hand over greater control to IT administrators? Kaspersky Lab’s philosophy is that the Big Brother approach is actually counter-productive, and infringes on the benefits of BYOD.
“We don’t believe control is the way forward. We believe in visibility – knowing what devices are within your organisation and what data they hold,” says Erofeev. “We believe in the concept of smart policies; people need to take some sort of personal responsibility for their devices and for data security. Finally, we believe in technical ability; to find, look, wipe, protect and detect devices.”
“Essentially you need a high-level solution to both manage devices and make them visible when necessary. It’s not about total control, because to be a Big Brother doesn’t aid productivity. But no control at all will lead to bigger issues for any company,” he warns.