Considerations should be made for security of smartphone device and not just the data transfer
Reports of smartphones being phished should lead to correct security of devices by IT departments.
Following yesterday's report that there had been a 100 per cent successful impact of three major smartphone brands with an experimental phishing campaign, Terry McCabe, CTO of Airwide, claimed that there has been too much of a focus on securing the transmission and not the device.
McCabe claimed that if you look at this as an example of email spoofing, it is demonstrative of the problems of the linkage between the solution and the device.
McCabe said: “Most solutions service communication rather than security and most views of the issue are of securing wireless email, they have protected the communication rather than the differences of the mobile device.
“If you look at the smart device, it has got security and corporate applications and a totally unsecure environment on the same device. The potential for malware to bridge the gap as a gateway is tremendous. This is one of the reasons why you need to take a holistic view of security towards the device, you can do all that with SMS, but email is left alone.”
McCabe also claimed that as information contained on smartphones becomes more confidential, it can cause a financial impact if the PayPal application, that has cached PINs and transactions, is compromised.
Commenting on mobile anti-virus, McCabe said: “There are certainly a number of players in the market that are looking at how to create solutions for the environment, and also my understanding is that the creators of the device are looking for partnerships. Apple's strategy is to pull together an integrated solution, to introduce the capability is a powerful approach but it is still not there.”
The next step may be for IT departments to have a central management of smartphone devices. McCabe claimed that in the future, we will see companies implementing this type of approach as they move to put security capabilities into the IT department of an organisation.
McCabe said that there has been instances where companies have implemented policies around the internet and usage and the policy applies to desktops, but once you access these sites by a smartphone you lose control of policy.
“This is a step forward, a way in which there is secure authority, and you can ensure that people are adhering to the policy, or it depends on the individual to keep the device clean and use it in a certain way and do whatever they want, and no company will tolerate that,” said McCabe.