Security vendors failing to tackle mobile malware, say CISOs

Smaller point solutions are dominating the market, as traditional vendors get left behind

Malware is still the biggest threat to mobile security, but most mobile device management (MDM) strategies tend to focus on securing the physical device in case of loss of theft, rather than protecting from cyber threats, according to Peter Gibbons, head of Information Security at Network Rail.

Speaking at the Infosecurity Europe 2013 press conference in London this week, Gibbons said that although mobile malware still only represents a tiny fraction of the total amount of malware in the world today, it is growing exponentially.

"Sooner or later someone is going it get it right and find a vulnerability in iOS or Android or Windows 8 - whatever it happens to be - and they're going to cause a significant loss of data through injected malware. In my view it's a matter of time," he said.

Gibbons said that the scarcity of anti-malware products for mobile is a result of the way the security industry has evolved. Fifteen or twenty years ago it was all about anti-virus and firewalls and intrusion detection, but more recently the industry has become more concerned with protecting data.

"We started progressing away from securing the platform to securing the data, and then we got a new platform and it hasn't had that experience built into it, so I think there is a general naivety around that," he said.

The traditional security vendors have also been slow to come up with mobile-specific security solutions, which has resulted in the market becoming dominated by smaller MDM companies like TouchDown and Good Technology, according to Gibbons.

"I get probably 10-15 calls a week from a technology vendor saying, can I come and meet you to tell me how brilliant my product is?" he said.

"When they're talking about mobile security technologies, it's not the big security companies. It's the smaller security companies, the single products, and they've broken into that market. I'm not getting McAfee and Symmantec asking about my mobile security."

Although the traditional vendors are being left behind, however, the industry as a whole is moving in the right direction according to Andrew Yeomans, board member of the Jericho Forum. He added that mobile malware is still a fairly low-level concern for Chief Information Security Officers (CISOs).

"We ought to be aware that it's a possibility, but it's not something that's going to make me lose a lot of sleep for quite a long time," he said.

Yeomans added that we are currently in the second phase of a major change in the security landscape. The first focused on controlling the network; then the network expanded and started connecting to thousands of devices, so the security moved down to the end points.

"The third phase is when we realise it's actually very expensive to do that, and most of the data we're passing round doesn't need protecting anyway, so let's move the protection down to the bits of data that actually matter to us," he said

"Then it doesn't matter where you go, you can't actually access those bit of data unless you've got the appropriate keys and permissions to do so."

The Infosecurity Europe summit takes place between 23-25 April 2013 at Earl's Court London.




The big AV vendors rose on the inflection from perimeter to end point security but have missed the inflection from protection of the network and end points to securing the important data because they are still held up by their predominantly black listing approach which is no longer valid. Application whitelisting, data encryption and access controls are more where we are heading now.

Comments are now closed.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Mobile &amp, security, Networking, wireless
Get exclusive access to ARN's news, research and invitation only events.
ARN Distributor Directory
ARN Vendor Directory

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.


Latest News

Apr 17
Splunk exec defects to tech disruptor Elasticsearch
Apr 17
JCurve acquisition to boost telco play following $A2.5m capital raising
Apr 17
Vodafone tackles FIFA World Cup with $5 roaming in Brazil
Apr 17
Kim Dotcom says he's set to get assets back
More News
24 Apr
The China Healthcare ICT Conference 2014
05 May
CeBIT Australia 2014
06 May
Oracle Day 2014 - Across 2 Cities
06 May
Oracle Day 2014 - Across 2 Cities
View all events