"More trouble" brewing as mobile threats multiply "exponentially", ex-ISACA chief warns

Mobile threats are becoming more complex, and more difficult to deal with as more and more devices become connected, a former vice-president of security trade body ISACA has warned.

“Expect more trouble,” Rolf von Roessing warned an audience of IT professionals at the 2013 EuroCACS conference. Roessing warned that iPhone users would not be immune - and that even companies which attempted to audit and control mobile devices would still find 30-40% “flying under the radar”.

““Android is currently more of a target than iOS, but attacks are happening against Apple mobile devices and, when they are breached, it is usually fairly serious,” Roessing said, according to a report in Computer Weekly.

Roessing described the threats affecting Android as multiplying “almost exponentially”. He recommended that staff addressed the problem of apps which have extensive “permissions” to access functions on devices.

Roessing said that firms which allowed users to “bring your own device” - BYOD - faced additional challenges, such as brand-locked mobiles which prevent the use of device management systems, and individuals who refused to hand over personal devices for security audits.

Roessing described the complex network of threats from connected “internet of things” devices and accelerating network speeds as a “tidal wave”.

“For effective protection, security professionals need access to mobile operating systems, but this is not always possible and consequently 30% to 40% of devices are under the radar,” said von Roessing.

“In the light of bring your own device (BYOD) programmes, it is more important than ever for end users to be aware of the risks involved,” Roessing said. “Organizations need to set aside adequate budgets to deal with these challenges comprehensively, otherwise all efforts will simply be a waste of money because of all the security gaps,” he said.

Roessing advised that companies ensure users are aware of risks - and recommended that companies rely on either an internal team to deal with security, or a trusted third party which could react quickly in event of a breach.

ESET Senior Researcher Stephen Cobb analyzes some of the risks facing Android users in a detailed blog post here. Cobb also offers tips on security for businesses in a guide, "Cybersecurity: Road Map for Businesses."