- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
CSO - Apple devices -- ever more popular in the workplace -- are about to become more popular with cyber criminals.
That is one of a number of findings in security vendor Zscaler's Q1 State of the Web Report that should be unsettling to enterprises that permit employees to "bring your own device," or BYOD.
The biggest mobile targets of malware so far have been devices powered by Android, since it is in the widest use and is an open platform.
But that may change soon. Zscaler's report said in a survey covering 200 billion transactions, Apple iOS web traffic jumped from 40% in the last quarter of 2011 to 48% in the first quarter of 2012, surpassing Android, which dropped to 37%.
More iOS traffic means more Apple devices in use at enterprises, which is likely to make them more attractive to cyber criminals.
And a significant majority of enterprises allow BYOD: A survey released in April by the SANS Institute found that 61% of more than 500 companies surveyed allowed BYOD. A press release announcing the survey included as part of its headline: "Lack of awareness, chaos pervades with BYOD."
The so-called "consumerization of IT" is an apparently unstoppable trend. And most businesses don't want to stop it, because of the advantages that collaboration and social networking with mobile devices can bring to the enterprise. Still, increasing security threats could undermine those advantages.
Blake Turrentine, CEO of HotWAN and trainer at Black Hat, has been a penetration tester for more than 12 years. His continuing mantra is, "most everything you do on a smartphone can and may be monitored," although he does qualify that by saying he believes Apple iOS devices that are kept up to date with the latest firmware are relatively secure.
Rachel Ratcliff Womack, a vice president with the digital security firm Stroz Friedberg, told The Bottom Line's Herb Weisbaum on MSNBC that most people carry both business and personal information on their mobile devices. "It brings those two worlds together in a very convenient package for criminals to target," she said.
And the damage malware can do is the same as on other devices: steal personal information, drain bank accounts and spy on users.
"[Yet] users may view these devices as eminently secure, when in reality they are just waiting to receive more attention from cyber criminals," James Lyne, director of technology strategies at the online security firm Sophos, told Weisbaum.
In the face of these impending threats, multiple security surveys find both employees and employers appear to be relatively blasé about them. SANS reported that only 9% of companies participating in its survey said they were "fully aware" of all the devices accessing their networks. Another 50% were "vaguely or fairly" aware. Nearly a third of the companies said they had no management policy for employee mobile devices.
Some of this may be inevitable. Turrentine says he doubts that enterprises can control their employees' personal devices. "Users control their own phones," he says, acknowledging that this is "a big [security] hole." The proliferation of smartphones, alone with their ever-expanding capabilities means "the attack surface is expanded," he says, noting that Apple devices are prized because of their cutting-edge functionality.