Story image

Lax mobile security attitudes put banking & finance sectors at risk

24 Oct 17

Financial institutions should take a closer look at the risks mobile devices bring to their businesses because as many as 28% of those devices are compromised or under attack – at least that’s the word according to Symantec’s Q2 2017 Mobile Threat Intelligence Report.

While keeping devices up to date with the latest operating security patch is one of the ‘simplest and most important’ precautions users can take, around 13.2% of devices are not running the current major version of the operating system and 99% may not be on the newest minor update.

Symantec says that mobile devices often have fewer security measures; are on and connected 24/7; connect to public WiFi networks; blend business and personal activities; and have more attack vectors such as SMS, email, apps and WiFi.

“Combined, these factors make mobile exploits very attractive, and there are many creative social engineering exploits that will fool even the most cautious financial executive, especially when the ploy could be business or personally oriented to compromise the same device,” the report says.

Between April 1 and June 30, 2017, 15.3% of devices encountered network attacks and 25.9% had unpatched vulnerabilities.

According to Symantec’s Brian Duckering, security experts and financial institutions are familiar with the stats.

He mentions in a blog that financial breaches are still happening, and are the most costly of any industry.

“Because of how user notifications might work (or not work), most users and enterprises don’t know when upgrades with security patches are available. Some Android users may never get a notice for their device at all! Then it’s left up to the enterprise and its users to install those patches, which exacerbates this critical gap in mobile security,” he explains.

The report also cites rooted and jailbroken devices as methods both end users and hackers use to gain more control of their devices.

“Because of the greater control over the device that this affords, it is a common goal of hackers to figure out ways to root or jailbreak devices, and malware is a common way to do that. A user that roots or jailbreaks their own device should be aware that they may be simply making it easier for hackers to exploit, so it is not generally recommended,” the report notes.

Here are five rules to follow to dramatically reduce the risk of mobile cyber attacks:

  • Don’t click, install or connect to anything that you are not confident is safe
  • Only install apps from reputable app stores
  • Don’t perform sensitive work on your device while connected to a network you don’t trust
  • Always update to the latest security patch as soon as it is available for your device
  • Protect your device with a free mobile security app.
Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.
The quid pro quo in the IoT age
Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative.
ForeScout acquires OT security company SecurityMatters for US$113mil
Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss.
Exclusive: Fileless malware driving uptake of behavioural analytics
Fileless malware often finds its way into organisations via web browsers (or in combination with other vectors such as infected USB drives).