It seems nobody is safe from malware attacks these days –even the White House is taking notice. Last week, a Department of Homeland Security official acknowledged the threat of pre-existing malware on imported electronic and computer devices sold within the U.S. With the availability of malware entry points expanding — including ubiquitous IT such as emails, social media, smartphones and tablet computers — the threat is not going anywhere anytime soon.
Eighty-seven percent of 2,277 surveyed smartphone owners used their device to access the Web or email at least once a day, according to a recent report issued by Pew Research Center. Of those smartphone owners, 25% said that they mostly go online using their phone, rather than with a computer. Also last week, Trusteer CEO Mickey Boodaei told eWeek Europe that as smartphones grow in popularity, hackers are increasingly researching Apple iOS and Android for vulnerabilities. One in 20 Android mobile phones and iPhones will be infected by financial malware and Trojans within the next 12 months, he added.
Budget constraints, unawareness of the severity of new malware threats and a reactive attitude to malware contribute to the problem, according to reps from M86 Security in their report on new malware threats.
Despite a high level of concern expressed about the security of mobile devices, 14% of 382 companies surveyed in M86′s report have no solutions in place to protect users from Web-based threats. Researchers found that 78% of the organizations surveyed had experienced at least one malware attack during the preceding 12 months.
In addition, 49% of survey respondents acknowledged that although security breaches occur, they accept this as part of the cost of doing business. This complacent attitude toward malware could result in additional costs, bad press and lost revenue opportunities for companies involved.
The M86 report recommended that organizations consider addressing malware prevention, detection and remediation in two ways:
- Train users on how to properly surf the Web, what they should do when they encounter a threat (such as a spam email that contains a link to a website), how they should be wary of emails whose source is not known, how to spot phishing attempts, etc.
- Address the long-term, strategic impacts, such as malware detection and remediation at every ingress point, including email, smartphones, Web browsers and the growing multitude of other platforms from which malware can enter the network.
This probably does not have to be pointed out, but as IT becomes more sophisticated, so do malware attacks. More people have access to the Web, often in the palm of their hand. This makes their personal information — and sometimes, that of their employers — increasingly vulnerable to hackers. New malware threats are coming, and IT departments need to be on the look out and proactive about protecting themselves.