Subscribe For Free

A boom in cyber crime – and software security

Paul Withers
July 14, 2016

With one in every four firms attacked in the past four years, security has never been so vital

The need to protect your devices from the threats of cyber crime has never been greater.

According to a recent report, one in every four businesses have been attacked in the past four years, including major organisations such as Vodafone, TalkTalk and Carphone Warehouse.

As a result, the need to thwart such problems has helped to fuel an ever increasing, multibillion pound market.

Cyber security software sales for Western Europe, for example,  was valued at more than $5 billion last year.

That  figure is set to reach $7 billion by 2020. Mobile security, a market often ignored for threats but now increasingly  prominent, accounted for $400 million. It will almost double to $700 million within five years.

The problem is not about to disappear.

To highlight the magnitude of the problem, security specialists Kaspersky Labs said it identified 885,000 unique mobile malware samples last year – double from 2014. In the first three months of this year, it saw a further 357,000 unique samples.

During the same three-month period, Intel Security scanned 150 million applications across 190 countries, finding that nine million contained malware.

The damning statistics all point to a market that provides a huge opportunity for resellers.

It is one that is booming for all the wrong reasons for users, manufacturers and operators fighting against cyber criminals that appear to be accessing information at will.

Huawei European cyber security officer David Francis said the need for security on mobile devices has never been more important.

“There is a higher regard for security now that more people are using mobiles for critical life functions, such as online banking.

“Putting security into devices has never been higher but the threats are increasing.

“Absolutely critical”
“You have an arms race between the good and bad guys, and the latter have realised that there is more money to be made from attacking mobile devices than there ever has been before.

AdaptiveMobile is headquartered in Dublin. It provides a carrier-grade network protection platform to more than to 1.5 billion global customers. Chief strategy officer Simeon Coney described the need for security as an “absolute priority”.

“The greatest threats in terms of impact to the end user are the engagement for fraud. People live so much of their lives online now and really the mobile is predominantly the major device with which they are doing that, whether that be social networking, app usage or conducting financial transactions. Criminals have been very quick to capitalise on that.”

Symantec was founded in 1982 and is headquartered in California. It is present in 50 countries, protecting tens of millions of corporate and individual customers.
Chief strategist for EMEA Sian John echoed Coney’s initial comments, labelling mobile security “a really serious issue”, claiming it has developed to the point over the past few years, in particular at business level, where it is more than just protecting the mobile device.

“It is about considering mobile security in the wider context of the wider security of the organisation, rather than just something in particular,” she said.

“It’s not just about the device anymore; it’s more about access control, encryption and the cloud services that you use. “

While the increasing threat of mobile security and cyber attacks has never presented a better opportunity for resellers, unfortunately the same can be said for the cyber criminals.

Kaspersky Lab’s annual report from April 2015 to March 2016 found the number of users attacked by ransomware targeting Android-based devices had quadrupled in just one year, from 35,413 users to 136,532.

The research concluded that the share of users attacked with ransomware as a proportion of users attacked with any kind of Android malware also more than doubled from 2.04 per cent to 4.63 per cent over the year.

The rapidly increasing dangers are perfectly outlined within its first quarter report: the security provider detected 2.045,323 million malicious installation packages on mobiles – 11 times greater than in Q4 2015.

It also revealed 4,146 mobile banking trojans in Q1, which was 1.7 times higher than the previous quarter. This is the type of malware used with the sole purpose of stealing someone’s banking information.

The rise in threats can largely be attributed to rising smartphone sales. According to IDC, these increased 10.1 per cent in 2015 to 1.433 billion, while in Q1 of this year sales increased marginally to 334.9 million units.

According to Ofcom’s Communications Market Report last August, the smartphone had overtaken the laptop as the most popular device for internet access in the UK. From the 3,095 adults surveyed, 33 per cent favoured smartphones and 30 per cent laptops.

Kaspersky Lab principal security researcher David Emm said: “Mobile devices are outselling traditional computing devices and for that reason criminals are looking towards mobiles.

“There are now several per household and that offers a lucrative and bigger pool of victims, which is why they are ramping up their focus on it.”

Wearables vulnerable
Intel Security’s Q1  report also revealed the rising threats posed by mobile hacks. New mobile malware samples grew 17 per cent from Q4 2015 to more than to almost 1.75 million, while total malware samples grew 23 per cent and 113 per cent over the past year to around 9.5 million.

Chief technology officer for EMEA Raj Samani said: “The way that we use technology has changed. As we become more dependant on mobiles, we see a focus by criminals to target these.  Mobiles now range from a simple phone to that IoT device on your wrist. The low-hanging fruit is app fraud, mobile malware or ransomware but I suspect you will begin to see wearables in that threat space.

“Most of these devices use Bluetooth and we know of many well-documented security flaws, so the connection between the wearable and mobile gives the criminal a greater chance to access sensitive information.”

Android has been identified as a target for cyber criminals, due to its openness and freedom to develop applications. According to Gartner, global Android unit sales totalled nearly 294 million to provide it with market share of 84.1 per cent, up from 78.8 per cent a year earlier.

App dangers
This is providing developers with a greater opportunity to create apps for those devices, yet this can also widen the chance of being the victim of a cyber attack.

Frost & Sullivan principal consultant Jarad Carleton says the various Android devices and OS software updates that come with it open it up more for attacks.

“One of the key challenges on one side, for example Android, is you have this very robust mobile OS that is capable of doing a lot of great things but you have all these different flavours, not only of devices but also of OS versions.

“Apple has always maintained control over the OS. There are no middle men getting in the way – they just roll out the security updates.

Android targeted
“The bad guys know there is potential to put malware on these devices and make more money because there are so many devices.”

OmniCyber Security director Andrew Collins added: “The great thing about Android, yet the most risky part, is that anyone can develop for it. With Apple, apps are either developed in-house or approved by third parties.

“The device isn’t the biggest issue but rather the applications on them that need to be given more consideration. When you sign up for any app, it requests a hell of a lot of information from the back end of your phone.

“Most people just want to use the app, but the fact that it is requesting that information without an explanation there needs to be increased awareness and privacy around those apps.

BYOD fears
”Malware is specifically written for the operating systems on the devices. It is becoming an increased threat and people are a little more ignorant to the security that is on their phone.”

Huawei’s Francis admitted to a personal experience whereby a conference organiser’s app began asking questions about his location, and hit back at companies and developers.

“The social engineering aspect of getting people to download things that aren’t safe is one of the biggest threats to mobile users. If you are downloading an app and it asks for information, you need to look at what those permissions are. It’s not just about the consumer; the industry isn’t good at this either.

Within the business space,  BYOD has been identified as a potential vulnerable area for hacking, as smartpnones and tablets often contain both personal and professional information and data.

Due to the proliferation of devices, companies are now allowing staff to bring their own devices to work, due to perceived productivity gains and cost savings.

Last month, Samsung enterprise business team vice president Graham Long revealed the vendor is investing millions of pounds in its B2B arm as it looks to boost operator and dealer relationships to drive up sales.

Its security software product KNOX forms a large part of this. Samsung channel director for IM enterprise Phil Lander claims more people are being turned away from BYOD because of the security risks associated with it.

“Our research showed 78 per cent of firms that have tried BYOD have decided security risks are the main reason they are not implementing BYOD. With more devices deployed in your workforce, human behaviour can lead to risk as well.

“The combination of software threats and dubious behaviours in the market, as well as the user case for customers are changing, is making it more critical for companies to look at how they manage, control and give themselves some piece of mind.”

IDC research manager for European security practice Dominic Trott agrees BYOD opens up more opportunity for hackers to get into company mobile devices. He stressed the importance of having a mobile device management (MDM) program in place.

“If you’re on a BYO device that doesn’t have enterprise managed mobility put in place on it, or perhaps even jailbroken or not have the latest OS, there will be a number of vulnerabilities.

“There are potential flaws within mobile apps and security might not be the top of someone’s list when they are developing an app.

“All of these mean it can be easy to compromise a device and once that happens, they can nip across the supply chain, and start getting into the enterprise.”

Another key element outlined in regards to why mobile users are becoming increasingly vulnerable is public WiFi hotspots.

Due to their shared nature, they have been identified as a prime target for hackers to gain information.

Symantec’s John says: “One of the biggest threats is people doing things on public WiFi and opening themselves up to exposure. Devices are automatically connect to the hotspots and you could end up joining one without realising.”

If unhappy, don’t install
Kaspersky Lab’s Emm advised consumers to stick to a trusted WiFi network when doing anything confidential on their device, while Huawei’s Francis said users “don’t take the threat seriously” of having their information compromised in public.

Carleton from Frost & Sullivan added: “Although hotspots are great for consumers, they aren’t great for security because your phone automatically attaches to it.

“Your phone is always sending out the signal: “Jarad’s WiFi hotspot. Are you there?” Hackers can look for those network handshake requests.”

So what can mobile consumers and businesses do to protect themselves? According to Intel’s Samani, the answers are obvious.

“Look at the app stores you are buying things from and what permissions those apps are asking for. Consider what they are going to do with your data and if you’re unhappy with it, don’t install it.

“Make sure you have security protection. Enable the ‘Find My Phone’ feature and the ability to remotely wipe the device.”

Huawei’s Francis says the industry needs to work together to do more to protect users and make security a bigger priority. He believes there needs to be a built-in approach to security from manufacturers, rather than just treating it as an after-thought, with protection in place from the design stage.

“People used to rush towards features and functions and then security would be further down the list. Security needs to be built in from the moment the device is being designed.

“When you’re building security into the device, you have to consider who you are building the components from and how are they building security into the device and software.”

Built-in security
“How do you know the device that leaves your factory is the one that arrives at the reseller? How do you know the one that someone buys is genuine? The industry needs to do more with this built-in rather than bolt-on approach to security.”

All agree that the industry has a responsibility to educate mobile users on the dangers of cyber hacking and the benefits of mobile security.

The high-profile hacking cases involving Carphone Warehouse, Vodafone and TalkTalk have helped highlight the issues, providing companies with the motivation to protect themselves.

This isn’t the sole solution, though, and that raising of public awareness needs to be greater.

Samsung’s Lander said: “These raise the profile and concerns because they can have dramatic implications on data protection.

Consumer drag
“When we are talking to CIOs and CTOs that want to manage their fleet, they are aware of the concerns and know they need to take action and are looking at solutions.

“Educating the market and customers on this is key because there is a demand for it.”

Kaspersky Lab’s Emm claims that although businesses in particular are recognising the importance of security, consumers have been  slower to adopt this approach because they are unaware of just how much information their smartphones contain.

As a result, he agrees that awareness of the dangers and solutions needs to be improved.

“There is more of a drag with consumers. Even if someone is clueless about technology, if you give them a laptop or PC, they they will protect it.

“There certainly isn’t enough awareness of this. People are still thinking of these as phones. The convenience is built into our daily lives, so we don’t think about security issues until something bad happens to us.”

The statistics point towards an increasingly growing mobile security threat scape, which will only widen.

Hackers less concerned
Huawei’s Francis labels this a “large well-funded international criminal organisation”, while IDC’s Trott believes cyber attackers are becoming more “competent, professional, organised and collaborative”.

However, they stop short of admitting they are fighting a losing battle, claiming there is always something they and the industry as a whole to keep some at bay.

“The greatest challenge in the cyber world is you can be geographically remote on the other side of the world to launch an attack, which means attackers are so much less concerned about retribution or capture,” says AdaptiveMobile’s Coney.

“You know there is such little cooperation between law enforcement communities.
“They will never stop but we can see when we deploy into our customers that we drive away the amateurs and those that aren’t serious. It is a constant war of arms against the most determined of attackers.”

On a positive note, this also presents a huge opportunity for resellers for additional revenue. Value-added services are becoming key. Accessories have always been a firm favourite, but the emergence of others like mobile insurance and now security can increase their ‘stickiness’ with customers.

Kasperky’s Emm agrees: “This is vitally important for resellers because they are in a trusted position with their customers and in many cases are the first place that people go to for advice.

“The more knowledge they have with the threat landscape, the better they will be with informing their customers.”

However, according to Collins, most resellers should concentrate on “getting their own house in order first” due to the amount of personal information they will be holding for their customers.

Symantec’s John maintains, though, that the opportunity for resellers with mobile security has “never been better”, especially when selling products to businesses that are likely to hold high value data.

“The opportunities for resellers, in particular selling into businesses, is greater than it ever has been. It’s about looking at how you take that technology and integrating it into the way the business works, enabling their employees and customers to use that technology as much as possible to get the best benefit out of it while minimising risk.

“The reseller opportunity is to say: “Take the technology available to protect your business and make sure it is put in the right place to unlock the power of mobile.” From a reseller point of view, there couldn’t be a better time.”

Share this article