Misconfigured apps will account for the majority of mobile security breaches
Security incidents originating from mobile devices are currently pretty rare. But with 2.2 billion smartphones and tablets set to be sold in 2014 and PC sales in decline, the focus of security breaches is likely to shift towards mobiles in future years.
According to research specialists Gartner, by 2017 misconfiguration of applications will account for 75 percent of mobile security breaches.
Dionisio Zumerle, principal research analyst at Gartner, says, "Mobile security breaches are -- and will continue to be -- the result of misconfiguration and misuse on an app level, rather than the outcome of deeply technical attacks on mobile devices."
An example would be the use of public cloud services to store enterprise data, which may lead to leaks that the company is unaware of. To do significant damage, though, malware needs a device that has been altered at the admin level.
"The most obvious platform compromises of this nature are 'jailbreaking' on iOS or 'rooting' on Android devices. They escalate the user's privileges on the device, effectively turning a user into an administrator," says Zumerle.
Rooting or jailbreaking devices can open them up to attack by removing app-specific protection. It may also make them more vulnerable to brute force attacks on pass codes.
For businesses, the best defense is to keep devices in a fixed configuration via mobile device management (MDM) policy, supplemented by shielding apps and using containers to protect key data.
Gartner's recommendations for IT managers include requiring set length and complexity for pass codes and strictly enforcing retry and timeout standards; specifying platforms and operating systems and disallowing any that can't be updated or supported; and restricting the use of unapproved app stores and enforcing a no jailbreaking/no rooting rule. IT departments also need to use network access control methods to deny enterprise connections for devices that exhibit potentially suspicious activity.
"We also recommend that they favor mobile app reputation services and establish external malware control on content before it is delivered to the mobile device," says Zumerle.
The future of mobile security will be discussed further at the Gartner IT Infrastructure & Operations Management Summit 2014 taking place on June 2-3 in Berlin, Germany and June 9-11 in Orlando, Florida.