CIOs worry more about cyber threats with mobile computing

Cyber threats are now a much greater concern with the expansion of the use of mobile devices and services. At the same time online criminals have stepped up attacks via email, web and other traditional vectors. Recent research shows a nearly 600 percent increase in the use of malicious web links, representing over 100 million new global malicious websites. More alarming was the news that most threats bypassed their traditional controls and many companies are unprepared to meet emerging threats such as spear-phishing.

Security ManualTypes of threats are:

  • Web Threats. The web became significantly more malicious in 2012, both as an attack vector and as the primary support element of other attack trajectories (e.g., social, mobile, email). Websense has recorded a nearly 6-fold increase in malicious sites overall. Moreover, 85 percent of these sites were found on legitimate web hosts that had been compromised.
  • Social Media Threats. Shortened web links—used across all social media platforms—hid malicious content 32 percent of the time. Social media attacks also take advantage of the confusion of new features and changing services.
  • Mobile Threats. In a study of last year’s malicious apps revealed how they abuse permissions. Especially popular was the use of SMS communications, something very few legitimate apps do. Risks also increased as users continued to change the way they used mobile devices.
  • Email Threats. only 20% of all sent email is legitimate, as spam has increased to 76 percent of email traffic. Phishing threats delivered via email also increased.
  • Malware Behavior. Cybercriminals adapted their methods to confuse and circumvent specific countermeasures. Fifty percent of web-connected malware became significantly bolder, downloading additional malicious executables within the first 60 seconds of infection. The remainder of web-connected malware proceeded more cautiously, postponing further Internet activity by minutes, hours or weeks, often as a deliberate users to bypass defenses that rely on short-term sandboxing analytics.
  • Data Theft/Data Loss. Key changes in data theft targets and methods took place last year. Reports of intellectual property theft increased, and theft of credit card numbers and other Personally Identifiable Information (PII) continued to grow. Hacking, malware and other cyberthreats continued to be a common method of attack.

Taken together, these indicators made it clear that those who treat mobile threats, email threats, web threats and other cyberthreats as separate and distinct risks will be left behind. Solutions that focus solely on mobile, email, web or otherwise can no longer be trusted to defend against complex, multistage attacks that can move between attack vectors.

Author: Victor Janulaitis

M. Victor Janulaitis is the CEO of Janco Associates. He has taught at the USC Graduate School of Business, been a guest lecturer at the UCLA's Anderson School of Business, a Graduate School at Harvard University, and several other universities in various programs.