A full 64% of respondents to the CSA’s global survey said that they believe that NFC and proximity-based hacking will happen in 2013. And 81% of respondents believe that insecure Wi-Fi and rogue access points are already happening today.
This is of particular concern as the proliferation of mobile devices consequently increases the use of and reliance on Wi-Fi networks.
“As we move further into an era where mobile computing is ubiquitous, we're seeing an entirely new threat landscape that involves newer concerns like lost devices and rogue marketplaces, but also a heightened level of concern over insecure public Wi-Fi as we rely more and more on access as we travel." said Dan Hubbard, CTO of OpenDNS.
And when it comes to NFC, penetration is still low, with its adoption largely confined to a few convenience store point-of-sale terminals that allow people to tap-to-pay with their phones. But the implications of using a mobile phone as a digital wallet for financial transactions is a revenue opportunity that everyone from Visa to AT&T are looking to tap, so to speak. Unfortunately, NFC brings up a whole new level of fear for many. NFC and proximity-based hacking thus rounded out the list of mobile security concerns.
Some are out in front addressing the issue before the technology is widely deployed, however. For instance, Australian banking giant ANZ has initiated its NFC contactless payment trial, and is looking to explore biometrics for enabling secure banking within its Banking on Australia initiative. And Apple, meanwhile, hot on the heels of its acquisition of fingerprint security vendor Authentec, is reportedly in talks with biosecurity firm Microlatch to include its fingerprint technology in future versions of the iPhone. Microlatch has a patented fingerprint recognition software that eliminates central processing or storage, which makes it an optimal technology to work with NFC securely.
In terms of the more real-world aspects of the report, data loss from lost, stolen or decommissioned devices unsurprisingly topped the list, followed by information-stealing mobile malware. But following these two headline-grabbing threat approaches are concerns about poorly written third-party applications opening up security holes; exploitable device vulnerabilities in the OS; insecure Wi-Fi; network access and rogue access points; insecure or rogue marketplaces; insufficient management tools, capabilities and access to APIs; and, while BYOD was not specifically mentioned in the list of the top threats, its presence is implied throughout.
“Personally owned mobile devices are increasingly being used to access employers’ systems and cloud-hosted data, both via browser-based and native mobile applications,” said John Yeoh, research analyst for the CSA. “This without a doubt is a tremendous concern for enterprises worldwide.”
The CSA noted that the survey merely scratches the surface, but that it “serves as an important first step in a larger effort by the CSA to provide industry guidance on where enterprises should place their resources and focus when it comes to addressing mobile security threats.”
“The results of the CSA Mobile Working Group survey are testament to the security threats that mobile devices introduce to the corporate network,” said Patrick Harding, CTO at CSA member Ping Identity. “With more and more enterprises adopting a BYOD model, it is critical that mobile devices adhere to the same corporate security policies as other devices and that proper identity and access management processes are put in place to ensure the security and integrity of the organization.