IT Pro Guide: Is enterprise right to be afraid of viruses going mobile? Guy Matthews says it should be, but ignoring the issue won't make it go away
The latest generation of mobile, wireless and remote working technology presents exciting opportunities for enterprises looking to enhance productivity while offering greater flexibility to employees.
But many enterprises are reluctant to embrace this range of possibilities, and have not yet moved beyond the most basic forms of mobile technology.
And the reason? In a word - security. A survey carried out for security vendor Symantec by the Economist Intelligence Unit reveals that some 82 per cent of global businesses questioned have been put off deploying mobile technology because they think mobile networks are equally at risk or more at risk of virus attack than fixed networks.
Perhaps businesses are suffering from the misplaced fear that just because they don't know exactly where something is at any one time, it must be in danger - just as a parent frets for a child that is not in line of sight. Are they worrying over nothing?
Well, not entirely. There is evidence, for instance, that seems to confirm that mobile phobia is at least partly justified. In March this year, news surfaced of the RedBrowser virus, which attacks not only smartphones but most Java phones. Suddenly corporate mobile phone networks seemed under threat not from the theoretical possibility of an attack, but a real live virus.
In the event, RedBrowser was pretty harmless. Another virus aimed at the Pocket PC mobile operating system proved a similarly damp squib.
Disaster around the corner?
Analysts say a truly catastrophic mobile virus is unlikely just yet. As with any other virus it will only be able to propagate itself through the downloading of infected files. Such things don't just spread globally over the ether. Virus writers, whose intelligence should never be underestimated, will need to find creative ways to get their code to spread that don't presently exist if they want to bring corporate mobility to its knees.
Some security experts are predicting that the next big mobile malware threat could be a virus that spreads through a business using wireless technology. They warn that writers of viruses and Trojans are working on code that is spread onto corporate networks as careless owners of infected Bluetooth-enabled smartphones move in range of other Bluetooth-enabled devices.
Without some sort of protective layer, it is theoretically possible for one infected phone with an open connection to accidentally propagate a virus throughout a whole building of phones and handheld devices, and so progress onto the main network.
Not crazy after all
It seems that fear of attacks on mobile technology is not so misplaced after all, even if a truly catastrophic threat is still some way off.
The problem for corporates is that even though large scale official roll-outs may have been put off, users are taking things into their own hands and, for instance, beginning to use personal smartphones to send and receive business-critical information in the absence of officially sanctioned devices.
This is where the biggest danger lies. Most of those businesses surveyed admitted that they weren't prepared in any way for the possibility of a mobile malware attack, partly no doubt due to the unofficial nature of the mobile technology used by their employees.
They had done nothing to either protect mobile devices, warn mobile device users or devise some sort of strategy for avoiding attack.
And while 81 per cent of businesses surveyed have conducted serious assessments of the threats that face their laptops, only 26 per cent had done the same with smartphones - a shocking disparity. After all, a high-end smartphone is really just a fancy laptop in a different form factor.
Time for action
Clearly the problem is one of corporate culture needing to catch up with the reality of how employees are communicating with each other today. Laptops have been a standard fixture on enterprise networks for many years now. But smartphones, PDAs, mobile email devices and the like are too new to the scene for security thinking to have encompassed them yet. This will have to change.
Businesses will need to adjust their thinking fast if they want to keep up with the speed at which threats move. They have a window at present of maybe a year, or even two, before a mobile virus is invented that can take down a whole network. It's essential that businesses use this opportunity not only to investigate protection for mobile networks but to adjust their speed of response to the possible dangers.
The essential guide to cloud-based backup and disaster recovery
Support business continuity by building a holistic emergency planDownload now
Trends in modern data protection
A comprehensive view of the data protection landscapeDownload now
How do vulnerabilities get into software?
90% of security incidents result from exploits against defects in softwareDownload now
Delivering the future of work - now
The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.Download now