Mobile Malware Risk: Why Prevention is Better than Cure, and What You Can Do About It

It's getting to the point where we need to add malware to the list of life's certainties, along with death and taxes. The WannaCry outbreak saw the ransomware spread to more than 200,000 hosts in over 150 countries worldwide, according to Europol, the EU's law enforcement agency. The risk of infection from malicious software is growing all the time, because the threat is no longer limited to just laptops or business devices. 

Mobile devices are now squarely in attackers' sights. The security company Kaspersky found that ransomware targeting Android mobile devices increased almost fourfold between March 2015 and 2016. Additionally, attackers recently targeted mobiles belonging to customers of Tencent, the Chinese internet portal, offering fake copies of a legitimate app that would download a copy of ransomware. 

Ransomware works by encrypting the data on an infected device, locking out the user unless they pay criminals for a digital 'key.' Let's imagine that scenario for a moment: what would you do if you were locked out of your precious smartphone - and what would it be worth to you to get it back?

With the lines now thoroughly blurred between work and personal devices, there's every chance that your smartphone holds company-confidential information. The fear of losing access to sensitive or important data is a large part of the reason why so many victims choose to pay the ransom and get their devices decrypted.

There are other potential risks at play here: compromising a smartphone gives an attacker the ability to browse messages, call logs, contact details, and passwords. 

Mobile Malware Risks: Prevention Tips

So, how do we protect ourselves from ransomware attacks? We can start by preventing threats from infecting our mobile systems in the first place. That means keeping devices up to date. Where possible, we need to run the latest versions of apps and operating systems because they include fixes for the latest known vulnerabilities. These are the types of flaws that cybercriminals exploit to spread malware that infects machines, whether to demand a ransom or to steal data.

There are also technical solutions available that let you block malicious content at source. This prevents your smartphone from visiting a website that criminals have hijacked to spread ransomware or other malware. Your mobile operator may have solutions like this already. 

App hygiene is also important. Be choosy about which apps you download, and monitor what other information your app accesses. Ask the tough questions: why does your flashlight app really need to access your contacts? 

Additionally, password enforcement should match your company policies. If a mobile device has been lost or misplaced, password enforcement provides peace of mind that no sensitive company data will be lost. You can further safeguard the devices and data with essential mobile device management (MDM) features like remote locate, lock and wipe. These features can help to recover a lost smartphone, or if it has been stolen and you're worried about exposing the information it contains, you can delete the memory and ensure the data never falls into the wrong hands. 

It's clear the stakes are too high to ignore the risk of mobile malware attacks, but we shouldn't let the opportunity to learn from a crisis go to waste. For example, the recent WannaCry cyberattack earned global headlines because some of the victims were very high profile – like the Spanish mobile operator Telefonica and the UK's National Health Service – and because it exposed how reliant they are on technology. 

When many organizations went into lockdown as they tried to battle the malware and assess how far it was spreading, we got a glimpse of the chaos that resulted when technology was unavailable to them. 

Wide-scale security incidents like this are a jarring reminder of how connected we have now become, and what implications that has. That connectedness is unquestionably a good thing in so many ways, but it also serves to remind us about the risks of contamination. Our connected world only works if it's built on trust. Within this context of trust, you can understand why hospitals tell healthy visitors to stay at home rather than risk contamination during an outbreak of the latest superbug.

WannaCry was effective partly because many organizations were using older versions of Microsoft Windows – even though a patch that specifically fixed the flaw it exploited had been available since March. The sad part of this story is that the trend this example illustrates is actually much worse. According to the latest Verizon Data Breach Investigations Report, just one in ten breaches were against a new technical vulnerability. To flip that statistic around, that means 90% of security incidents were against old and known flaws.

When a financial reward is up for grabs, we can expect cybercriminals to keep adapting and modifying their attacks to prey on weak points in our technology. Mobile risks becoming one such weak point. As Graham Cluley, a security industry commentator, says, it's not surprising that criminals are targeting smartphones, since most users don't yet install antivirus software on them. Rather than being on the back foot and reacting to these attacks as they occur, companies can pay attention to simple but effective steps like the prevention tips mentioned earlier to proactively fight cyberattacks and reduce exposure to this growing area of risk.

To conclude, we need to recognize the important but overlooked role that mobility plays in our working lives, and evaluate the risk of it becoming infected. Putting resources towards preventing those threats from becoming real, along with some basic technical hygiene, can go a long way towards not just immunizing our own organization but also ensuring we aren't putting others in harm's way.

Few of us count the return on investment from buying a fire extinguisher; we simply know it's the smart thing to do. Similarly, a solid prevention strategy for managing mobile malware risk is a no-brainer. Another way to think about it is to consider the far higher cost if your office - and all of the files you hold dear - were to go up in smoke.