Story image

Lax mobile security attitudes put banking & finance sectors at risk

24 Oct 17

Financial institutions should take a closer look at the risks mobile devices bring to their businesses because as many as 28% of those devices are compromised or under attack – at least that’s the word according to Symantec’s Q2 2017 Mobile Threat Intelligence Report.

While keeping devices up to date with the latest operating security patch is one of the ‘simplest and most important’ precautions users can take, around 13.2% of devices are not running the current major version of the operating system and 99% may not be on the newest minor update.

Symantec says that mobile devices often have fewer security measures; are on and connected 24/7; connect to public WiFi networks; blend business and personal activities; and have more attack vectors such as SMS, email, apps and WiFi.

“Combined, these factors make mobile exploits very attractive, and there are many creative social engineering exploits that will fool even the most cautious financial executive, especially when the ploy could be business or personally oriented to compromise the same device,” the report says.

Between April 1 and June 30, 2017, 15.3% of devices encountered network attacks and 25.9% had unpatched vulnerabilities.

According to Symantec’s Brian Duckering, security experts and financial institutions are familiar with the stats.

He mentions in a blog that financial breaches are still happening, and are the most costly of any industry.

“Because of how user notifications might work (or not work), most users and enterprises don’t know when upgrades with security patches are available. Some Android users may never get a notice for their device at all! Then it’s left up to the enterprise and its users to install those patches, which exacerbates this critical gap in mobile security,” he explains.

The report also cites rooted and jailbroken devices as methods both end users and hackers use to gain more control of their devices.

“Because of the greater control over the device that this affords, it is a common goal of hackers to figure out ways to root or jailbreak devices, and malware is a common way to do that. A user that roots or jailbreaks their own device should be aware that they may be simply making it easier for hackers to exploit, so it is not generally recommended,” the report notes.

Here are five rules to follow to dramatically reduce the risk of mobile cyber attacks:

  • Don’t click, install or connect to anything that you are not confident is safe
  • Only install apps from reputable app stores
  • Don’t perform sensitive work on your device while connected to a network you don’t trust
  • Always update to the latest security patch as soon as it is available for your device
  • Protect your device with a free mobile security app.
Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Verifi takes spot in Deloitte Asia Pacific Fast 500
"An increasing amount of companies captured by New Zealand’s Anti-Money laundering legislation are realising that an electronic identity verification solution can streamline their customer onboarding."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.