Are Phones Smart Enough?

Smartphones, social networks and location-based services like Foursquare and Gowalla are generating a lot of buzz. But it is for that very reason that they also represent a big risk to computer security.

By Patricia Vowinkel

In its 2011 Threats Pre-dictions, McAfee Labs said it has seen a significant change in how malicious code and links are distributed, noting that 2010 ended with some of the lowest global e-mail spam levels in years.

But the spammers and cyberthieves haven't given up and gone home. Instead, they are moving with the times and stirring up trouble in other ways, targeting smartphones and social networks, which offer vast amounts of personal information.

Welcome to the 'Big Data' Era (09/15/11)
The Hack Attack Worsens (08/01/11)
Beating Back the Breach (06/01/11)
Finally Going Mobile (09/01/11)
Business as Usual Off the Table (10/01/11)

The popularity of smartphone "apps" is opening the door to a wide range of suspicious and malicious applications. Locative services such as Foursquare and Gowalla are also a potential problem. These services allow you to easily search, track and plot the whereabouts of friends and strangers. But cybercriminals can use this information to craft targeted attacks, according to McAfee.

To get a better sense of the computer security risks facing the business world, I spoke with Ben Beeson, partner in the global technology and privacy risks practice at Lockton.

In his view, mobile devices such as smartphones, so-called "hacktivism" and social networks will be a problem for businesses in 2011.

The biggest targets for data breaches are still financial institutions, retailers and healthcare providers. These businesses are targets because they store vast amounts of personal information, such as Social Security numbers, bank account numbers, credit card numbers and other information that can be used as identifiers in scams.

While risk managers have become more sophisticated and have taken measures to lock down the traditional risk of data breaches, they now have what he describes as "massive vulnerability" when it comes to mobile devices.

In particular, he said the healthcare industry lags considerably in its security control efforts.

The main way to combat breaches, he said, is by encrypting the information. But the McAfee report noted that because of our historically fragile cellular infrastructure and slow strides toward encryption, user and corporate data may face serious risks.

Businesses can also expect to see a rise in hacktivism, or politically motivated hacker attacks.

MasterCard, PayPal and Visa, for instance, came under attack in early December from a band of hacktivists angry at those companies for giving into government pressure to take action against Wikileaks.

These types of attacks will become more common and risk managers will need to give thought to the potential risk of hacktivist retaliation.

Social networks have also become an issue for businesses because people log on to these sites at the office or access them through their smartphones.

Social networks can be used by thieves as a way to get information as they pose as a friend or a coworker.

While people may have become savvy about questionable e-mails, they are not yet as aware of the dangers of giving out information, such as date of birth, over a social network. "We see a lot of phishing," Beeson said. "A lot of people are duped by that."

Risk managers need to pay attention and know who is doing what on their corporate network.

For the rest of us, we have to tighten up our privacy settings and stop being so gullible.

PATRICIA VOWINKEL has worked for national media outlets for more than 20 years.

February 17, 2011

Newsletter Sign-up