Security vendors failing to tackle mobile malware, say CISOs

Smaller point solutions are dominating the market, as traditional vendors get left behind

Malware is still the biggest threat to mobile security, but most mobile device management (MDM) strategies tend to focus on securing the physical device in case of loss of theft, rather than protecting from cyber threats, according to Peter Gibbons, head of Information Security at Network Rail.

Speaking at the Infosecurity Europe 2013 press conference in London this week, Gibbons said that although mobile malware still only represents a tiny fraction of the total amount of malware in the world today, it is growing exponentially.

"Sooner or later someone is going it get it right and find a vulnerability in iOS or Android or Windows 8 - whatever it happens to be - and they're going to cause a significant loss of data through injected malware. In my view it's a matter of time," he said.

Gibbons said that the scarcity of anti-malware products for mobile is a result of the way the security industry has evolved. Fifteen or twenty years ago it was all about anti-virus and firewalls and intrusion detection, but more recently the industry has become more concerned with protecting data.

"We started progressing away from securing the platform to securing the data, and then we got a new platform and it hasn't had that experience built into it, so I think there is a general naivety around that," he said.

The traditional security vendors have also been slow to come up with mobile-specific security solutions, which has resulted in the market becoming dominated by smaller MDM companies like TouchDown and Good Technology, according to Gibbons.

"I get probably 10-15 calls a week from a technology vendor saying, can I come and meet you to tell me how brilliant my product is?" he said.

"When they're talking about mobile security technologies, it's not the big security companies. It's the smaller security companies, the single products, and they've broken into that market. I'm not getting McAfee and Symmantec asking about my mobile security."

Although the traditional vendors are being left behind, however, the industry as a whole is moving in the right direction according to Andrew Yeomans, board member of the Jericho Forum. He added that mobile malware is still a fairly low-level concern for Chief Information Security Officers (CISOs).

"We ought to be aware that it's a possibility, but it's not something that's going to make me lose a lot of sleep for quite a long time," he said.

Yeomans added that we are currently in the second phase of a major change in the security landscape. The first focused on controlling the network; then the network expanded and started connecting to thousands of devices, so the security moved down to the end points.

"The third phase is when we realise it's actually very expensive to do that, and most of the data we're passing round doesn't need protecting anyway, so let's move the protection down to the bits of data that actually matter to us," he said

"Then it doesn't matter where you go, you can't actually access those bit of data unless you've got the appropriate keys and permissions to do so."

The Infosecurity Europe summit takes place between 23-25 April 2013 at Earl's Court London.

Tags Mobile &ampsecurityNetworkingwireless

1 Comment

JonBays

1

The big AV vendors rose on the inflection from perimeter to end point security but have missed the inflection from protection of the network and end points to securing the important data because they are still held up by their predominantly black listing approach which is no longer valid. Application whitelisting, data encryption and access controls are more where we are heading now.

Comments are now closed

 

Latest News

04:00PM
Over a quarter of Australians won’t bank on their mobile: Kaspersky
Oct 31
HDS A/NZ Partner Summit 2014 in Noosa (+15 photos)
Oct 31
The Google shakeup continues: Andy Rubin is out
Oct 31
Impact Systems boss wants to buy 10 resellers
More News
05 Nov
LIVE Webcast: Lessons Learned from the Biggest Security Breaches
05 Nov
vForum 2014
10 Nov
Ascom Myco Launch Event
11 Nov
DCIM Certified Solutions Professional
View all events