The week in security: Struggling to get smarter about mobile apps

It's hard enough to make sure employees don't walk out the door with your corporate data in hand – but with a growing tide of sentiment suggesting encryption is actually a potential problem, what's a CSO to do?

Companies such as Samsung and Good Technology have taken steps to improve device security – and while endpoint protection has matured, the US National Institute of Standards and Technology also offered some guidance on vetting the security of mobile applications.

Turns out the US is the worst culprit when it comes to developing risky mobile applications. Car maker BMW may be paying close attention, after it promised bank-level security on its cars – in the wake of the revelation that hackers can remotely unlock car doors using their smartphones.

Not all hackers are as smart as such demonstrations might lead you to believe, although they are still effective enough to require security leaders to keep coming up with new ideas about how to keep their data protected.

One company that could use new ideas about security is Sony, which, reports suggest, may have some long-term guests: rumours are swirling that Russian hackers have established a permanent outpost on the company's network.

This, as major US health insurer Anthem became the latest large company to be hacked. No wonder experts say that cybercrime is not a “solvable” issue, but instead must be looked at as an exercise in harm minimisation.

In the midst of questions about how to secure the emerging Internet of Things (IoT), Verizon launched a portal designed to facilitate large-scale security administration. Google had a new idea about how to keep its crowdsourced bug-hunting efforts moving, offering grants to keep hackers interested. Dating site Topface was also paying a grant – although some might prefer the word 'ransom' – to a hacker who stole 20 million user credentials from it.

Also on the theft theme, new spyware was targeting iOS devices and stealing photos and data, according to reports. Adobe Systems had to deal with yet another 0-day flaw in its Flash Player software – the third such vulnerability this month – while other companies were dealing with malicious advertisements that were planted on a range of major sites and compromised large numbers of computers.

Three Android apps had caused similar problems before being removed from Google Play, while a dangerous Internet Explorer vulnerability allowed attackers to craft highly believable phishing attacks.

No wonder European Union authorities are getting stricter about data-protection policies: a task force has, for example, been formed to examine Facebook's privacy policy and its compliance with EU guidelines. Even US authorities were working to improve privacy, with lawmakers weighing legislation to stop warrantless reading of emails.

Yet compromises of social-media data aren't all the network providers' fault: Australians are more than willing to sacrifice private information for a good mobile app and don't worry as much as their global peers about getting mobile viruses, according to a recent study. With the average company losing $US90 million to mobile fraud, perhaps they should start to worry.

This article is brought to you by Enex TestLab, content directors for CSO Australia.
