Lax mobile security attitudes put banking & finance sectors at risk

24 Oct 2017

Financial institutions should take a closer look at the risks mobile devices bring to their businesses because as many as 28% of those devices are compromised or under attack – at least that’s the word according to Symantec’s Q2 2017 Mobile Threat Intelligence Report.

While keeping devices up to date with the latest operating system security patch is one of the ‘simplest and most important’ precautions users can take, around 13.2% of devices are not running the current major version of the operating system and 99% may not be on the newest minor update.

Symantec says that mobile devices often have fewer security measures; are on and connected 24/7; connect to public WiFi networks; blend business and personal activities; and have more attack vectors such as SMS, email, apps and WiFi.

“Combined, these factors make mobile exploits very attractive, and there are many creative social engineering exploits that will fool even the most cautious financial executive, especially when the ploy could be business or personally oriented to compromise the same device,” the report says.

Between April 1 and June 30, 2017, 15.3% of devices encountered network attacks and 25.9% had unpatched vulnerabilities.

According to Symantec’s Brian Duckering, security experts and financial institutions are familiar with the stats.

He mentions in a blog post that financial breaches are still happening, and are the most costly of any industry.

“Because of how user notifications might work (or not work), most users and enterprises don’t know when upgrades with security patches are available. Some Android users may never get a notice for their device at all! Then it’s left up to the enterprise and its users to install those patches, which exacerbates this critical gap in mobile security,” he explains.

The report also cites rooting and jailbreaking as methods both end users and hackers use to gain more control of devices.

“Because of the greater control over the device that this affords, it is a common goal of hackers to figure out ways to root or jailbreak devices, and malware is a common way to do that. A user that roots or jailbreaks their own device should be aware that they may be simply making it easier for hackers to exploit, so it is not generally recommended,” the report notes.

Here are five rules to follow to dramatically reduce the risk of mobile cyber attacks:

  • Don’t click, install or connect to anything that you are not confident is safe
  • Only install apps from reputable app stores
  • Don’t perform sensitive work on your device while connected to a network you don’t trust
  • Always update to the latest security patch as soon as it is available for your device
  • Protect your device with a free mobile security app.