Nokia has issued the Nokia Threat Intelligence Report – H1 2016, revealing a sharp rise in the occurrence of smartphone malware infections in the first half of the year.
Issued twice a year, the report examines general trends and statistics for malware infections in devices connected through mobile and fixed networks.
“According to the report, smartphone infections nearly doubled between January and July as compared to the latter half of 2015, with smartphones accounting for 78% of all mobile network infections,” says Sherry Zameer, senior vice-president for Africa at Gemalto. “The malware infection rate hit an all-time high in April, with infections affecting 1,06% of all mobile devices tracked. In addition, Android devices were the most targeted by far, with 74% of all mobile malware infections.”
Banking and payment apps are now used on smartphones more than ever before, and these apps are prime targets for hackers. Consequently, to protect their consumers and combat growing levels of sophistication from hackers, Zameer notes that industries developing apps must take this into consideration and adopt a layered approach to security, because various items are at risk: from the app itself all the way through to access data.
“This means that one cannot rely on a single method of protection to protect the entire app eco-system. Different layers of security need to be put in place, which all together form a robust and secure platform to protect sensitive mobile apps such as banking or government services apps to name but a few.”
Securing the application integrity starts with the app providers. “The latest software development kits (SDKs) ensure that apps are protected in the field and can defend themselves – detecting insecure environments and reacting accordingly. Security mechanisms that are typically used include coding techniques and cryptography, and secure environment detection.
“Apps should also be programmed to react in the presence of threats: stop execution, send an alert to a risk management server and essentially turn the mobile phone into a strong authentication device.”
In a similar way, secure access to the app can be achieved through a process of strong authentication – ensuring the user is genuinely who they say they are. “When it comes to security, user experience and convenience remain paramount and building a frictionless security solution can be achieved through the use of a One Time Password (OTP), biometric technology (fingerprint, facial or voice recognition), Out of Band (OOB) via Push notification where approval is sent for any app login request, or digital signatures,” adds Zameer.
A third layer of security lies in enhanced protection of the data itself through encryption, which ensures that the data is illegible and essentially useless to cybercriminals, should they gain access to it.
The final layer, to fight against the most advanced attacks, consists of protecting the environment with a risk management system, which analyses real-time transaction patterns, detects unusual end-user behaviour, evaluates risk, and stops the transaction or asks users for further authentication.
With 2017 around the corner, and in a world where cyber threats are constantly evolving and consumers have access to an unprecedented number of valuable services through their smartphones, it is important that each player is prepared.
“Cybersecurity cannot be treated as an afterthought; effective risk management and evaluation systems need to be in place to protect end-users, otherwise trust in mobile apps will be severely undermined and the full potential of mobile will not be achieved,” says Zameer.
He notes that with the rise of mobile technology, user experience needs to become as central to the design process of mobile apps as possible, ensuring that the end user is fully part of the security process. This includes embracing the “psychology of security” and making security visible to the end user through icons ensuring a sense of security, together with biometry, which plays a key role in a user’s experience and ensures strong authentication.