'Smart phones are the next target for hackers'

by CXOtoday Staff    Dec 29, 2009

The IT threat landscape has changed dramatically over the past few years. While yesterday’s attacks were meant simply to make headlines, today’s attacks have become more sophisticated and stealthy, targeting specific organizations to reap financial gain. The situation worsens as the world continues to shrink, and workers need to find effective ways to communicate with more people both inside and outside the organization. Vishal Dhupar, MD of Symantec India tells us more in this Q&A.

What is an endpoint? How has the concept of mobile endpoints come about?

An endpoint is a server, desktop, laptop or notebook computer that connects to the corporate network.

Until a few years ago, a majority of the endpoints that connected to a corporate network were PCs. Today the scenario is different. According to a recent IDC study, the worldwide mobile workforce will reach 1 billion by 2011, with Asia Pacific contributing the maximum numbers. A direct consequence of this is that laptops, smartphones, handhelds, and portable entertainment systems have all become a part of the business environment, bringing in the concept of mobile endpoints.

Why should endpoints be protected?

Organizations today face a threat landscape that involves stealthy, targeted and financially motivated attacks that exploit vulnerabilities in endpoint devices. Many of these sophisticated threats can evade traditional security solutions, leaving organizations vulnerable to data theft and manipulation, disruption of business-critical services and damage to corporate brand and reputation. To stay ahead of this emerging breed of stealthy and resilient security threats, organizations must advance their endpoint protection.

How have endpoints traditionally been protected?

While administrators understand the importance of endpoint protection technologies, this often translates into making sure each endpoint has installed on it an antivirus, anti-spyware, desktop firewall, intrusion prevention and device control technology. Deploying these security products individually on each endpoint is not only time-consuming but it also increases IT complexity and costs. Organizations then need to provide management, training and support for a variety of different endpoint security solutions. Also, differing technologies can often work against one another or impede system performance due to high resource consumption.

Have smartphones become the next destination for hackers? Why so?

Yes, while threats to handheld devices such as smartphones are relatively rare compared to those targeting PCs, smartphones are becoming the next destination of hackers. In fact, we are now seeing that a lot of threats such as spam and phishing are increasingly "going mobile."

According to a Gartner global report, the Asia Pacific and Japan region makes the highest contribution to mobile transactions both in terms of the number of users as well as the transactional volume. Consequentially, as more users transact using handheld devices, the financial incentives for virus writers and mobile hackers will follow.

Add to this the fact that the technical capabilities of smartphones are catching up to PCs at a rapid rate. Email, instant messaging, online banking, online shopping, and Web surfing are all possible.

Consequently, since 2004, we are seeing that the number of threats targeting handheld devices has doubled every six months.

What risks does an unsecured endpoint pose to an enterprise?

We all know that data loss risk is the biggest risk to enterprises. Which is why all endpoints in enterprises, including smartphones, need to be secured with equal zest if we want comprehensive security. Smartphones are now being used the same way as computers. They’re accessing the same information.

The basic failure to protect these devices exposes companies to three key risks:

* Compliancy risk — Not considering mobile devices will put system and regulatory audit results at risk

* Data and privacy risk — Lost phones and mobile threats place customer data, financial data, and other confidential data at risk. Left unprotected, smartphones represent the weakest link in an enterprise’s IT infrastructure. Studies show that a smartphone is lost 15 times more frequently than a laptop.

* Business and network stability risk — Compromised smartphones can disrupt the network IT operations, and ultimately the business.

What steps can enterprises take to secure handheld devices?

Enterprises can undertake the following steps to secure their handheld devices just as they would their laptops and PCs. Ideally this would include managing employee smartphones and PDAs throughout their entire lifecycle, from activation to retirement. Specifically, it means deploying a solution that combines antivirus, advanced firewall, antispam for SMS, and data encryption technologies.

In addition, the solution should:

* Provide tamper protection to secure against viruses, "snoopware," and other malware

* Encrypt and decrypt data in secure folders while logging access to device files in real-time

* Remove SMS spam by automatically filtering and deleting messages