Mobile viruses

IT Pro Guide: Is enterprise right to be afraid of viruses going mobile? Guy Matthews says it should be, but ignoring the issue won't make it go away

The latest generation of mobile, wireless and remote working technology presents exciting opportunities for enterprises looking to enhance productivity while offering greater flexibility to employees.

But many enterprises are reluctant to embrace this range of possibilities, and have not yet moved beyond the most basic forms of mobile technology.

And the reason? In a word - security. A survey carried out for security vendor Symantec by the Economist Intelligence Unit reveals that some 82 per cent of global businesses questioned have been put off deploying mobile technology because they think mobile networks are equally at risk or more at risk of virus attack than fixed networks.

Advertisement - Article continues below

Perhaps businesses are suffering from the misplaced fear that just because they don't know exactly where something is at any one time, it must be in danger - just as a parent frets for a child that is not in line of sight. Are they worrying over nothing?

Well, not entirely. There is evidence, for instance, that seems to confirm that mobile phobia is at least partly justified. In March this year, news surfaced of the RedBrowser virus, which attacks not only smartphones but most Java phones. Suddenly corporate mobile phone networks seemed under threat not from the theoretical possibility of an attack, but a real live virus.

Advertisement - Article continues below

In the event, RedBrowser was pretty harmless. Another virus aimed at the Pocket PC mobile operating system proved a similarly damp squib.

Disaster around the corner?

Analysts say a truly catastrophic mobile virus is unlikely just yet. As with any other virus it will only be able to propagate itself through the downloading of infected files. Such things don't just spread globally over the ether. Virus writers, whose intelligence should never be underestimated, will need to find creative ways to get their code to spread that don't presently exist if they want to bring corporate mobility to its knees.

Advertisement - Article continues below

Some security experts are predicting that the next big mobile malware threat could be a virus that spreads through a business using wireless technology. They warn that writers of viruses and Trojans are working on code that is spread onto corporate networks as careless owners of infected Bluetooth-enabled smartphones move in range of other Bluetooth-enabled devices.

Without some sort of protective layer, it is theoretically possible for one infected phone with an open connection to accidentally propagate a virus throughout a whole building of phones and handheld devices, and so progress onto the main network.

Not crazy after all

It seems that fear of attacks on mobile technology is not so misplaced after all, even if a truly catastrophic threat is still some way off.

The problem for corporates is that even though large scale official roll-outs may have been put off, users are taking things into their own hands and, for instance, beginning to use personal smartphones to send and receive business-critical information in the absence of officially sanctioned devices.

Advertisement - Article continues below

This is where the biggest danger lies. Most of those businesses surveyed admitted that they weren't prepared in any way for the possibility of a mobile malware attack, partly no doubt due to the unofficial nature of the mobile technology used by their employees.

They had done nothing to either protect mobile devices, warn mobile device users or devise some sort of strategy for avoiding attack.

And while 81 per cent of businesses surveyed have conducted serious assessments of the threats that face their laptops, only 26 per cent had done the same with smartphones - a shocking disparity. After all, a high-end smartphone is really just a fancy laptop in a different form factor.

Time for action

Clearly the problem is one of corporate culture needing to catch up with the reality of how employees are communicating with each other today. Laptops have been a standard fixture on enterprise networks for many years now. But smartphones, PDAs, mobile email devices and the like are too new to the scene for security thinking to have encompassed them yet. This will have to change.

Advertisement - Article continues below

Businesses will need to adjust their thinking fast if they want to keep up with the speed at which threats move. They have a window at present of maybe a year, or even two, before a mobile virus is invented that can take down a whole network. It's essential that businesses use this opportunity not only to investigate protection for mobile networks but to adjust their speed of response to the possible dangers.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now



University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular


How to find RAM speed, size and type

24 Jun 2020

Microsoft releases urgent patch for high-risk Windows 10 flaws

1 Jul 2020
Policy & legislation

UK gov buys "wrong" satellites in £500m blunder

29 Jun 2020