After studying half of all US mobile network traffic in the last quarter of last year and finding malware in only 0.0064% of mobile devices, security firm Damballa suggests that the chances of developing a mobile malware infection are less than the lifetime risk of being struck by lightning – which is 0.01%.
In the fourth quarter of 2014, only 9,688 devices out of a population of 151 million devices in the US contacted malware domains, according to Damballa.
Although others have expressed skepticism about whether Damballa’s technology could detect all malware, it certainly appears that mobile malware is much less of a threat than first thought.
Damballa scientific researcher Charles Lever said:
“Mobile operators and platforms have invested significant resources in preventing malicious applications from being installed, especially in North America. For example, iOS developers must submit an application for approval before their app is available on iTunes.
“And Google has developed ‘Bouncer,’ a system that scans submitted apps for evidence of malware.”
Mobile devices at work: BYOD
While the mobile malware threat is negligible for consumers, using cell phones or tablets on corporate networks considerably expose your companies to a number of risks:
- Employee devices will have to connect to the corporate network, which raises the specter of unauthorized access to corporate information, malicious activity, malware infections and so on.
- Employee devices will be used for processing data that is protected by regulations such as the PCI DSS, HIPAA, GLBA etc. – and the employer remains accountable for the safe processing of that data.
- Employee devices could store both corporate information and protected personal information. If an employee loses the device or leaves the company, the employer will have to recover the data.
- Employee devices might be equipped with applications that are not available on corporate devices, and the organization’s rules about what is and isn’t allowed will be breached from the outset.
For organizations that do allow staff to connect to the network over their mobile devices, a BYOD policy is essential. It provides a framework to help staff clearly see what is and isn’t allowed, and helps you achieve improved productivity, reduced capital expenditure, and a better work-life balance for employees.