A full 99 percent of mobile malware targets Android devices, according to research from Kaspersky Lab. As the bring-your-own device (BYOD) phenomenon proliferates and Android smartphones and tablets become more popular, that rising flood of malware threatens to bring a raft of Trojans to businesses of all sizes, with small- and medium-sized companies especially at risk. Against that backdrop, channel partners adding security and mobile device management (MDM) to their portfolios could be well positioned to help fill a critical SMB business need.
According to the Kaspersky Security Bulletin 2012, the lion’s share of newly discovered mobile malicious programs target the Android platform, with a very small amount targeting Java- and Symbian-based smartphones. The growth trajectory has been staggering: From a negligible eight new unique malicious programs in January 2011, the average monthly discovery rate for new Android malware in 2011 went up to more than 800 samples.
In 2012 Kaspersky Lab identified an average of 6300 new mobile malware samples every month. Overall, in 2012 the number of known malicious samples for Android increased more than eight times.
Trojans make up the bulk of the threat. SMS Trojans drain victims’ mobile accounts by sending SMS texts to premium-rate numbers. Backdoor Trojans provide unauthorized access to a smartphone, making it possible to install other malicious programs or steal personal data. And spyware targets the unauthorized collection of private data, such as address books and passwords (or even personal photos in some cases).
In the first half of 2012, these three species combined accounted for 51 percent of all newly discovered Android malware.
Less widespread but by far the most dangerous are mobile banking Trojans that often work in conjunction with their desktop counterparts, stealing online banking credentials and other financial account information.
The problem is that SMBs often lack the resources and awareness to stay current with their security profiles. A report on 1,015 U.S. SMBs by the National Cyber Security Alliance and Symantec found that a shocking 83 percent have no formal cybersecurity plan, and more than three-fourths believe their companies are safe from cyberthreats such as hackers, viruses and malware. However, the reality is that SMBs are actually more prone to attack.
“It’s terrifying that the majority of U.S. small businesses believe their information is protected, yet so many do not have the required policies or protection in place to remain safe,” said Brian Burch, vice president of Americas marketing for SMB at Symantec. “Almost 40 percent of the over 1 billion cyberattacks Symantec prevented in the first three months of 2012 targeted companies with less than 500 employees. And for the small, poorly protected companies that suffer an attack, it’s often fatal to their business.”
Of 26,000 targeted attacks that Symantec documented in 2011, half attacked businesses with fewer than 2,500 employees, and 18 percent targeted businesses with fewer than 250 employees. In the first half of 2012, 36 percent of targeted attacks were aimed at SMBs, double the number seen in the past six months of 2011.
“We want U.S. small businesses to understand they cannot completely remain safe from cyber threats if they do not take the necessary precautions,” said Michael Kaiser, executive director of the National Cyber Security Alliance. “A data breach or hacking incident can really harm SMBs and unfortunately lead to a lack of trust from consumers, partners and suppliers. Small businesses must make plans to protect their businesses from cyber threats and help employees stay safe online.”
Channel partners have a role to play in the ecosystem, offering managed security services, plug-and-play firewall appliances, MDM and other options that offer a low-overhead, low-cost option for a layered security approach.