Why mobile security apps alone won't turn the tide on cyber-threats
Why mobile security apps alone won't turn the tide on cyber-threats

There's little doubt that mobile apps are becoming increasingly prevalent in our daily lives and that we can't live without them. Global app downloads hit record levels at the end of last year, according to a recent report from App Annie. Downloads across the two major app stores, Apple's App Store and Google Play, have reached nearly 26 billion worldwide – up eight percent over the same time last year. Statista even predicts that 352 billion apps will be downloaded by 2021 compared to 197 billion in 2017. 

However, when it comes to security, apps don't seem to be the best option. First the security problem: While laptop and desktop security have the eyes and ears of businesses and consumers, mobile security awareness is often confused, with uncertainty around who or what is responsible from keeping both devices and data safe. Facebook made headlines for suggesting mobile users protect themselves by using a VPN app owned by the company. Additionally, with cases of banking malware apps making their way into the Google Play store, the line between mobile security and vulnerability becomes increasingly blurred. While the average end-user is unaware of most of the potential threats and is additionally little provisioned to deal with them, recent mobile security incidents such as the BankBot Android Trojan and a fake Whatsapp circulating has thrust the issue to the forefront of the security agenda. 

On top of this, while evidence suggests that demand for security service is growing, uptake of mobile security apps is low; with mobile operators reporting typical penetration rates are around three to five percent. Operators have historically spent millions marketing legacy device-based security apps, which have consistently underachieved. So here's the elephant in the room: mobile operators are failing in motivating end-users to download, install and buy security apps, and pre-installed apps are just not good enough and are not always kept updated by users, leaving subscribers exposed to threats. In a mobile-centric era where attacks continue to rise in both magnitude and sophistication, the industry must face an uncomfortable truth: mobile security apps alone will no longer turn the tide on cyber-threats.

Why should service providers care about security?

There are many consequences of not putting adequate security in place to secure mobile networks. Brand reputations are built and lost on cyber-attacks, and mobile operators are no different. With the rise of Coinhive cryptocurrency mining, spam, information stealing Trojans and ransomware, many mobile threats are disguised in seemingly legitimate applications and websites, which put end users and the network itself at risk. There is also the IoT risk: a rapid expansion of devices on the network with no built-in security measures or app provision, leaving the network as the only line of defence to a botnet attack. End-users can also be exposed via browsing the web, WiFi and unsolicited emails (phishing). 

The low take-up mobile security apps suggest business users and consumers are looking for someone to deal with security on their behalf.  Mobile operators have the access and opportunity, as existing connectivity providers, to offer security-as-a-service. Recent figures suggest this is a far more convenient and comprehensive proposition, with uptake rates of up to 40 to 60 percent when customers are educated by the mobile operator on its benefits. This has a knock-on effect on the mobile operators' Net Promoter Score (NPS), in an age where companies are judged on how much we trust them and how they interact with us in this unpredictable digital world.

What will this year have in store for mobile security?

As guardians of the networks, mobile operators will play a pivotal role in fighting emerging threats as the mobile security landscape evolves. In McAfee's December 2017 Threat Report, figures suggested new mobile malware jumped by 60 percent, the spike being attributed to a large scale increase in screen-locking ransomware on Android.

As this year progresses, consumers and enterprise users alike will demand more proactive protection across the entire network connectivity chain. Mobile operators will be expected to support rising expectations for “built-in” security with a range of technical and operational innovations. The desire for greater security is a great opportunity for service providers to not only retain the trust of their customers against an army of malicious actors, but it will also offer the chances to differentiate, increase loyalty and reduce churn, if they embrace the need.

Contributed by Moshe Elias, Director of Product Marketing, Allot Communications

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.