As any number of reports will attest, the mobile threat landscape is a burgeoning entity. According to the latest report from security vendor Sophos, there are over 650,000 pieces of malware for the Android operating system now in circulation, and that number is increasing at rate of knots.
Any reservations that the IT community has about the bring-your-own-device (BYOD) trend must surely now include worries over potentially accommodating Android-based viruses on a corporate network.
According to Orla Cox, senior manager for security intelligence delivery, Symantec, the industry is seeing a “fast-track evolution” of mobile malware, whereby the sophistication of mobile threats is growing at an alarming rate. The capabilities of PC-based threats took years to evolve to their current iterations, yet mobile threats are, in many ways, just as advanced, despite having been around for a fraction of the time.
“There are also kits available to allow you to combine the malware with the mobile applications – the APKs. If that was a challenge to would-be attackers, it’s not anymore, because there are kits that allow you to do that. The barriers of entry are kind of lowering for attackers on that,” Cox adds.
Does this mean, however, that the argument for BYOD has become much less convincing? According to Joseph Aninias, manager of IT and telecommunication services at the University of Wollongong in Dubai, this depends entirely on what sort of business the BYOD programme is intended for. If the mobile devices are likely to contain sensitive information, it is hardly preferable for employees to use potentially infected smartphones for work. And some Middle Eastern organisations are resisting the user-driven demand for BYOD with vigour.
“In some companies that I know, especially in the airline industry, employees aren’t allowed to bring a phone with a camera. If you want to insist on it, they’ll flip your phone, put a screw on the camera and hammer it to break the lens,” Aninias says.
Other organisations might not take such a hard-line approach. But with each new report of the growing number of mobile threats, the case for pure-play, unmanaged BYOD is becoming increasingly difficult to maintain.
