Everyone knows you should have antivirus applications running on your work and personal computers, but far fewer people take seriously the threat of malware attacks to their mobile devices – no matter how much security professionals warn them to do so.
The reason for this, particularly when it comes to corporate users, is pretty simple: they don’t care and they don’t have a reason to.
Part of the problem is that malware attacks on mobile platforms still are relatively rare. Compared to the volume of malware targeting desktop platforms, mobile malware is a drop in the ocean. However, some data shows that mobile malware is increasing, specifically on Android, which has massive market share and is a frequent target for attackers with attacks such as the OpFake Trojan.
Generally speaking, according Tyler Shields of security firm Veracode, corporate smartphone users don’t think that the risk is real, or if they do, that it is so slim that it won’t impact them. They assume that all apps downloaded from an official marketplace are secure and, anyhow, antivirus programs can be a drag on their computers, so why bother slowing down their phones?
Conversely, companies don’t give their users any reason to take the threat seriously. They don’t offer financial incentives to do so and they don’t implement coercive incentives – punishments for what would happen if their phones were successfully attacked as a result of user negligence. And most corporations don’t ingrain any type of moral imperative by creating a culture where the threat of smartphone attacks is widely understood and the measures needed to prevent them is implicitly valued.
The solution says Shields, is for corporations to take the imperative out of users’ hands and place the responsibility on IT departments. Employee smartphones must be distributed with security measures already installed, all applications safely pretested and users must be given a white list of approved applications that they can download going forward.
Only by assuming the responsibility can corporations begin to ensure that the smartphones they distribute – and the data stored on them – will stay secure.