The mobile application threat space is still in its infancy, but organizations should be planning for the possibility of malicious acts heating up in the near future, said the security director of a major bank in Canada.
Speaking Tuesday at SC Congress Canada in Toronto, Joe Lobianco, senior director of information security and risk management at CIBC, said cybercriminals have yet to ramp up their attacks on mobile applications like they have been doing in the traditional desktop environment for years.
“We've seen no serious or persistent security threats yet or substantial attempts at profit,” Lobianco said.
He added, however, that there have been instances of smartphone vulnerabilities and proof-of-concept malware, which could be a precursor of more sophisticated attacks waiting in the wings.
In the meantime, organizations should be most worried about basic phishing attempts and fake mobile applications, which could trick users into giving up their confidential data.
Lobianco advised security professionals to apply the same standard security development processes in the mobile space that they use for traditional applications. That includes penetration testing and code review. In addition, administrators should consider locking down devices they distribute to employees.
Specifically for end-users, security practitioners should educate staff about the dangers of things like fake apps.
“I think we're still OK for now, but in two years, I think this presentation will look really different,” Lobianco said.