Mobile malware 'a growing threat'

Johannesburg, 27 Jul 2009

Chief information officers (CIOs) must pay close attention to the new security risks posed by mobile devices such as smartphones, according to Deon Liebenberg, regional director for sub-Sahara Africa at Research In Motion (RIM).

“One threat that is growing in significance as more users count on smartphones for business applications is mobile malware. Just like PC viruses, malicious code has the potential to run undetected on a smartphone and wreak havoc within a corporate network,” says Liebenberg.

Liebenberg urges companies that provide mobile devices to their workforce to implement the right measures to protect the enterprise. He adds that malware can transmit itself across the wireless network, bypassing some of the corporate network security systems and potentially damage or infiltrate the network. Malware can also cripple a mobile device by using all of its available memory.

Smart security

Liebenberg says most enterprises count on real-time anti-virus scanning software to prevent the transmission and proliferation of malware on computers. However, he notes that smartphones are a different kettle of fish.

“Smartphones are constrained by finite memory, processing power, and battery life. This means the standard computer network approach of detecting malware using a large, frequently updated, local database or a constant connection to an online database has to be tailored.”

Liebenberg points out that administrators should specify which trusted applications are permitted on the device and to prevent third-party applications from using storage. He adds that administrators should restrict network connections inside the firewall that a third-party application running on the device can establish.

”To protect their mobile devices and networks from malware, CIOs should invest in mobile solutions that have security baked into the devices and supporting infrastructure,” says Liebenberg.

“These security features built into the solution need to be as unobtrusive as possible so that they don't detract from the ease of use of the device or the end-user's efficiency and productivity.

“Mobile devices such smartphones are integral parts of many enterprises' business processes, and should be secured with as much care as PCs and the corporate network.”