As some of you may know, Symantec issues Internet Security Threat Reports each year. While there were a number of noteworthy findings in the most recent edition, the most striking was that more than one in three data breaches involved a mobile device, a finding that should only reinforce the concerns that gave rise to yesterday’s post about the use of employee’s personal devices for work. I have attached a PDF below of the report for those of you who want to read it but want to avoid having to get on Symantec’s mailing list. (Just kidding, Symantec).
Symantec expects cybercriminals to increase their attacks on mobile devices in 2011 and 2012. As the executive summary ominously observes: “The installed base of smart phones and other mobile devices had grown to an attractive size in 2010. The devices ran sophisticated operating systems that come with the inevitable vulnerabilities—163 in 2010. In addition, Trojans hiding in legitimate applications sold on app stores provided simple and effective propagation method. What was missing was the ability to turn all this into a profit center equivalent to that offered by personal computers. But, that was 2010; 2011 will be a new year.”
Other highpoints of the report include:
- The specific targeting of individuals through the use of information gathered through social media information is expected to increase. For more on this practice, known as spear-phishing or in the case of high value targets such as CEOs, whaling, please see my November 4, 2011 post.
- Currently most malicious code for mobile devices consists of Trojans that pose as legitimate applications. These applications are uploaded to mobile “app” marketplaces in the hopes that users will download and install them.
- Attack toolkits continue to lead in Web-based attack activity because “[t]heir ease of use combined with advanced capabilities make them an attractive investment for attackers.”
In addition to identifying these threats, as the Womble Carlyle Trade Secret Blog wryly notes, Symantec has also recently supplied a profile of your friendly neighborhood trade secret thief. He is 37 years old, white, male and probably a programmer or engineer. That should narrow things down.