Mobile and Cloud Computing Face Emerging Threats
Mobile devices can be thought of as sensors that enable new threats, like malicious software, and offer unparalleled glimpses into people’s lives.
Employee-owned devices make platform-specific security challenging, so focusing on protecting data may be more effective than securing the devices, according to the Georgia Tech report.
U.S. courts have not arrived at a consensus on government access to data. The implications of tracking ubiquitous mobile devices are not well understood.
The BYOD trend means insecure network devices and data stored on personal devices. Securing employee-owned devices is difficult, so malware can use smartphones and tablets as launch pads for attacks into corporate networks.
Because employees are using their mobile devices for work, corporate data gets stored in these relatively insecure environments, enabling intellectual property to be stolen.
Because of its alluring productivity gains and cost savings, BYOD is not going away, so companies will have to bar untrusted devices from accessing sections of their networks.
Google has added a permission-based security model, security controls, the ability to revoke applications, and an automated system to vet applications for Google Play. From the start, Apple went further by tightly controlling certain system functions and checking applications for potential malicious behavior.
Last August, Georgia Tech researchers showed that the App Store review process cannot prevent the introduction of malicious apps.
Although malware and hacks are significant threats to mobile device users, the Georgia Tech report says the legal use of data collected from smartphones and tablets is a far more pervasive threat.
Wireless carriers, manufacturers and application developers can collect user data, but it is not clear whether law enforcement can request this information without a warrant.
In 2012, the number of companies buying cyber insurance policies increased by a third compared to the previous year, according to Marsh, an insurance broker.
It is not always clear, however, what cyber insurance does and does not cover. Experts are working with insurance companies to set industry standards.