ISACA report estimates a significant increase in malicious advertising and other malicious malware for mobile devices in coming years, as cyber criminals take advantage of this trend.
The recent change in the enterprise application platforms from desktops to mobile devices produced many exciting benefits that organizations could identify and exploit to provide a workplace more flexible and comfortable.
Unfortunately, certain individuals and groups with less honorable intentions also realized that change. With that in mind, it is essential that organizations follow the following questions as you prepare for an increasingly mobile world.
How can you quantify the risk of mobile applications?
As the malware is hidden inside applications that seem legitimate, organizations increasingly struggle to quantify that specific risk. Despite these challenges, Ernst & Young recently collaborated with Interactive Advertising Bureau to calculate some basic figures.
With a focus on digital advertising sector, the study found that digital advertising, piracy, and invalid traffic united to form a set of malicious factors which costs the industry $8.2 billion per year. Only malicious advertising revenues meant a loss of $1.1 billion.
Another reason why the malicious advertising is so difficult to quantify is that, over time, it is becoming more sophisticated. What it was once just an image with a link to malicious content evolved into an extremely subtle and passive injection method that does not require almost any interaction with the victim.
The same technology that allows display ads are animated and interactive content now allows criminals to run malicious code on the device. As you increase the complexity of malicious advertising strategies used by organizations to combat it must also evolve.
How can you integrate this quantification in a mobile security strategy successful?
To overcome the growing threat of malicious advertising, it is not enough to follow the strategy of “safe navigation.” After all, malicious advertising affected a record number of users last year when some of the most popular websites unwittingly showed malicious advertisements. Conclusion: What you need to fight an intelligent threat is a smart strategy.
The integration process of protection against malicious advertising in the current strategy against mobile threats starts with the data. The tools for such data allow you to analyze more thoroughly transit sometimes hidden mobile applications, and access points are the key to detecting threats before they can cause damage.
These tools include network monitors that can detect traffic patterns that deviate from established standards. This process will highlight applications and advertisements that are preparing unauthorized routes or diverting traffic to malicious destinations.
Once the monitoring services are implemented, the next step should be to take advantage of the data flow. Platform security monitoring helps a lot to increase the visibility of mobile threats, combining all sources of threats for automated and manual analysis. The sources such as traffic and environment scans terminals, systems and identity access management provide an overview of the state of the mobile environment.
The consolidation process of mobile device security, data, networks, and terminals will also help simplify infrastructure management and reduce pressure mobile threats.
In the end, the malicious advertising is just one more piece of the complex puzzle of cyber security. When you deploy tools focused on data and managed security platforms to analyze the generated information, it can be a little quieter because it knows it has a perspective of comprehensive security of the mobile infrastructure.