Smartphones: The next big security threat

The big headlines, in recent days, have been from the China-based cyberattacks on search giant Google. According to security professionals, the attacks were highly sophisticated, with McAfee CTO George Kurtz calling the attacks on Google and other companies a "watershed moment in cybersecurity." The attacks, said Google, resulted in the theft of intellectual property that occurred after Google decided to stop filtering search results in China. Google suspects the culprit is the Chinese government itself.

So far, it appears that source code was stolen from more than 30 Silicon Valley companies. Adobe Systems has confirmed that it was targeted by an attack, while other companies such as Juniper Networks, Northrop Grumman, and Dow Chemical were also targets.

That's scary stuff for IT folks, and it highlights just how sophisticated these operations are, even if they aren't coming from the Chinese government. Many suggest that the black market for corporate information is now worth more than the international drug trade, and those performing attacks are highly sophisticated organizations involving a labyrinth of people installing malicious software.

Perhaps even more alarming is the vulnerability that smartphones, which are fast becoming mini-computers complete with significant storage capabilities, pose to the enterprise. Is spoke with a number of experts on this issue recently. Their revelations are, well, frightening.

"One of the areas under-reported as far as threats go are smartphones," said Chris Herndon, managing director and chief technologist with MorganFranklin. "It's amazing what is out there in terms of malware targeting the mobile market. It's not so much the interception of what is on that device, but access it is going to provide to the hackers. Once that device is tethered to Internet via a USB cable or back to enterprise, it creates a pipe from the corporate enterprise back to the hackers."

Perhaps more problematic is the lax attitude when it comes to smartphones. Employees aren't as careful with these devices as they are with their laptops. "Employees should be reminded that as soon as they connect to the Internet via any device, they are vulnerable to attack," said Derek Manky, threat researcher with security firm Fortinet. In short, smartphones need the same security attention laptops get.

There are smartphone security solutions available, but few enterprises are actually using them, these experts say. Smartphones simply aren't viewed as a threat. Unfortunately, it may take a rather large breach, such as what happened to Google, to make the enterprise wake up. The last thing a large corporation wants is the revelation that a corporate breach occurred via a mobile phone. - Lynnette