Mobile Apps Must Roll Back Welcome Mat for Cybercriminals

Mobile apps need to button up vulnerabilities, and become part of the cybersecurity solution.

Mobile devices may seem like the pinnacle of digital sophistication, but in terms of security, they lag far behind laptops and desktops—meaning that the mobile trove of valuable consumer information, browsing histories and location tracking is more vulnerable to attack.

In its Cyber Risk Report for 2016, Hewlett Packard Enterprise found that 75 percent of the mobile apps it scanned contained a "critical or high-severity" vulnerability.

And consider this data from Dimensional Research: In a 2017 survey, 20 percent of companies said their mobile devices had been breached. Of this number, 79 percent acknowledged that it’s becoming harder to secure mobile devices, and nearly all (94 percent) respondents expected the frequency of mobile attacks to increase.

These attacks will most certainly increase—real-world data from antivirus company Avast indicates that there are millions of new threats every day, ranging from enterprise-class spyware to botnets and adware.

As the number of connected devices proliferates with the rise of the Internet of Things, the issue of security will only become more important.

Perhaps it’s time for a new approach.

Changing times

Cybersecurity attacks over the last decade have undergone an important paradigm shift. In the early days—the 1980s and 1990s—hackers were in the attack business for bragging rights, or to expose vulnerabilities; they were lone wolves trying to prove their talents to the world. These days, it’s all about the money—cybercrime has become an industrial-scale operation. These criminal syndicates home in on mobile because consumers now push trillions of dollars in payments through their mobile devices.

The groundwork for this change was laid around the year 2000, when cybercriminals found vulnerabilities in the Windows operating system. More holes meant more opportunities to exploit. The proliferation of devices meant that the number of opportunities for exploitation increased exponentially.

What was once about hacking one device has evolved into attacks against millions of devices at a time, and those coordinated attacks quickly spread to mobile devices.

Considering the frequency of the attacks, and considering how smart the criminals were getting, mobile device companies knew they had to take action to maintain security, so they automated defenses and leveraged smart algorithms to keep devices safe. According to Rajarshi Gupta, Vice President of Data Science at Avast, this means computers essentially are policing themselves.

“Today less than one percent of mobile security is managed by humans,” he says, adding that the remainder is handled by the hardware itself and software apps.

That means mobile cybersecurity now is about building solutions that can identify and block attacks quickly. It’s about teaching machines how to minimize risk.

Yet phishing, malware and ransomware attacks are always changing, and cybercriminals are always getting smarter in planning attacks.

What’s next

What if devices themselves become part of the solution instead of part of the problem? The idea behind this approach is simple. The concept uses software to turn mobile devices into active sensors that constantly monitor security threats, feeding the threat detection network information to fight against cybercrime. Together, all active users contribute to a continual stream of data that facilitates machine learning at unprecedented speeds.

Equipped with knowledge from this army of users, cybersecurity providers can employ artificial intelligence and local monitoring and detection that give them the ability to use specialized baits and traps to detect, defuse and defeat malicious activity on any device.

The result just might turn a weakness into a strength—and bolster overall cybersecurity as a result.

Previously published on Reuters Plus website.
