Mobile malware

Last year alone on Google’s mobile Android platform, Trend Micro detected 350,000 “malicious and high-risk” Android app samples, according to a report by the digital security firm. That’s an increase from the 1,000 samples it saw the previous year. Only 20% of Android device owners use a security app, the company has found. [http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt-repeating-history.pdf]
Right now, most hacks cyber criminals employ focus on picking up one-time-passwords sent to mobile phones. “They are not there, yet,” says Pascual of digital deception. “[Hackers] are just dipping their toes in the water, attacking those one-time-passwords.”
Akamai commissioned research by IDC Financial Insights to further understand these threats. The resulting whitepaper, titled ‘New Threats Demand Innovative Responses,’ exposes some of the challenges that IT departments and their business-side counterparts face in responding to these threats. Some of the major recommendations include:
- IT security teams need to ensure that security strategies are reflective of business goals and strategic direction where the growth of the digital banking channel is concerned. This requires IT to be involved in the design and development of new products and services from the outset, particularly where newer interaction mechanisms – namely mobile and social – are involved.
- “As a priority, banking IT security teams must become more knowledgeable regarding the threats posed by mobile malware. While the likelihood of attack is currently low, IDC Financial Insights believes this situation will change in 2012, as cyber criminals seek ways to exploit vulnerabilities in mobile OSs and develop more sophisticated methods by which to perform fraudulent activities.
- Banks should continue – or in some cases commence – to educate customers as to how they can identify fraudulent attempts to gain access to personal financial data (by means of phishing or smishing attacks). Historic fraud education methods have, in IDC’s opinion, often been found wanting. Interactive training, where banks simulate phishing and smishing attacks to ensure customers know what signs to look out for and how to react, offers a better alternative. (A smishing attack is a form of SMS spam.)
- If existing security technology suppliers are lagging behind in the provision of dedicated solutions to improve the robustness of the mobile channel, institutions should consider using specialist niche vendors who solely concentrate on innovations in mobile security.
- IT departments should seek ways to better engage with business-side users in order to obtain executive sponsorship (and budgetary contributions) for initiatives to improve digital banking security. Conversely, business-side users should not get ahead of their skis and consider launching new services or applications before they have been adequately assessed and signed-off by IT security.
- Innovations in digital banking can still occur, provided they are underpinned by suitably innovative security solutions.
- With an increasing number of attacks expected through both PC and mobile devices, banks should plan their survival strategies accordingly. Ultimately it is far better to be over-prepared rather than woefully ill-equipped to deal with the consequences.”

Rich Bolstridge, January 24, 2012 3:38 PM
Rich Bolstridge. “New Security Threats in Online Banking Demand Innovative Responses”, blogs.akamai.com. Available at: https://blogs.akamai.com/2012/01/new-security-threats-in-online-banking-demand-innovative-responses.html, accessed on August 21, 2013 @ 1746 hrs.