Ryan McGee is the Mobility Sales Leader, Middle East and Africa at Checkpoint Security Technologies, in this interview, the mobile security expert tells BusinessDay’s Jumoke Akiyode– Lawanson about the importance of securing mobile devices, especially because of the increased mobile malware attacks and its impact on organisations in recent times. Excerpts.
Why has mobile security become so important to organisations and even individuals now?
The most important thing to remember with mobile is that as much as mobile phones have been around for a long time, the usage of mobile phones in the last 2-3 years has expanded a lot. The number of applications that we use, how many phones are being connected to WiFis, and so on. In all honesty, we don’t know if our devices are secure against threats or not. As an individual, we actually don’t know, so what we need now is to have security on the device because really where we are seeing the attacks come from is that when we download applications to make our lives easier but this is allowing people who are trying to access our devices to put malicious codes into applications and we download these applications and start using them without knowing the damage that they can cause.
This is very much the same when we connect to a WiFi network. At a corporate level where we see 500 or more individuals using their mobile phones to access corporate resources, at least one device is infected with malware and at least 89 per cent of organisations have experienced a WiFi man-in-the-middle attack and at least 74 per cent of those organisations have got 35 or more jailbroken or rooted devices that are accessing their corporate resources, so yes it is definitely happening in Nigeria and organisations need to consider what they need to do about it.
READ ALSO: Cyber mercenaries constitute the biggest single challenge to financial institutions in Nigeria
What are the major threats posed to organisations through the mobile channel?
Because we are data-hungry people, if we know there’s a free WiFi network we’ll want to connect to it, but what we don’t really know or what our devices can’t tell us is if the network is secure or not. So, you can have something called a ‘man-in-the-middle’ attack where somebody is sitting between your device and the internet and is monitoring everything you’re doing and the risk is higher now because we are doing so much more on our mobile devices nowadays. We are doing mobile banking, accessing very confidential information; whether is personal or business-related.
The third thing that we are seeing as a big concern in the mobile channel is phishing SMSs being sent. Like phishing emails on the laptop, people will now get SMSs sent to their phones saying that they are from a certain company, where you may have an existing account, asking you to update your personal details, and the problem is that users on the mobile channel are not as familiar with this type of attack so we need to have something on our device that can warn us and protect us from these potential threats. These are the biggest threats that we are seeing on the mobile channel at the moment.
From the results of your market analysis, do you envisage that there will be an uptake in the adoption of anti-malware/anti-virus solutions for mobile devices in Nigeria, especially in the enterprise landscape?
What we are going to see is much more than just anti-virus. We need anti-phishing to detect phishing as well. Because we don’t walk around with our laptops, connecting to WiFi networks all the time, but we do with our mobile devices, so while an anti-virus will protect us against a man-in-the-middle WiFi attack, we need something else on the device that is more than anti-virus. You can think of it as anti-virus or anti-malware, but what we prefer to call it is device protection.
What is Checkpoint doing to secure enterprises and even individuals from mobile malware attacks, considering that Nigeria has been termed a mobile-first nation with about 150 million mobile network subscribers, a large number of these subscribers are smartphone users and the recent checkpoint research on the impact of mobile attacks in enterprise environments shows that Android and iOS platforms are susceptible to attack?
At an enterprise level, we are working very closely with organisations in Nigeria to be able to offer security to their employees.
In other words, the companies will buy these device protections for their employees and it works by protecting the individual in the sense that organisations are now asking employees to bring their own devices to work and use these devices to access corporate resources like emails, banking systems and others. So, when the organisation buys the licenses for its users, it’s achieving two things; it is protecting the user at a personal level and it’s protecting the information assets of the organisation by making sure that the device has not been compromised in any way through any of those different means of attack.
READ ALSO: People Falling for Bitcoin Scams Rapidly
Could you please estimate the amount of damage caused to enterprises through mobility, especially in Africa where you’re more focused and how much damage has checkpoint solutions been able to prevent?
It’s a little bit difficult for me to break it down into a regional perspective. However, to put some context to it, if we look at recently at the popular wannacry ransomware, it was estimated that wannacry probably made anywhere between $50,000 to 100,000 globally. Whereas, just one mobile attack that we are aware of called copy cat alone has netted over $16 million in such a short while. That just shows that the mobile channel is an easier target. With regards to specific numbers on how much we have been able to prevent, it is quite difficult because what they are trying to steal is credentials at an enterprise level. So, if I can steal your username and password to email, then I can go and attack the company more traditionally.
Companies themselves battle to quantify or justify where the attacks start. They just know that they have been hit by an account, where somebody has stolen credentials and has managed to then steal money from people’s accounts, steal sensitive information and it is very difficult for them to determine that this originated from the mobile channel, hence it is difficult to say that mobile is a certain percentage higher than more traditional means of scamming or launching malicious attacks on organisations.
The checkpoint report states that 75 per cent of mobile malware attacks happen on jailbroken devices and an average of 35 per cent on rooted devices. This could be seen as a major concern in Nigeria, especially because a huge percentage of mobile devices in the market are jailbroken devices which were once locked to a particular network abroad and sent to Nigeria to be resold. What risks do these devices pose to enterprises?
The risk is that a jailbroken or rooted device will by-pass the traditional device security that natively comes with the operating system of the device. Now, this suddenly allows people to physically go and install malicious things unto their devices, sometimes they do it intentionally and sometimes it is unintentional.
READ ALSO: Cybercrime: Nigeria ranks 3rd most attacked country in Africa
However, the bigger problem is at a corporate level, because organisations will often have a security policy that they wouldn’t allow jailbroken devices unto their corporate network, but when you ask them to say how many of these devices are accessing your network, it is very difficult and they don’t know the numbers of devices that are jailbroken or rooted and it is not just the Nigerian market, it is across the continent that there are a lot more jailbroken and rooted devices in circulation. The challenge for an organisation is for them to understand that a different security policy should be placed against these devices but until they can distinguish between a jailbroken device and one that is not, it is very difficult to apply any security policy at a mobile level.
How would you describe the awareness and interest in mobile security in Nigeria?
Nigeria is actually starting to lead the way in mobile security especially at the corporate and government level. I think this is because Nigeria has got this mobile-first mindset and mobile adoption is very high in the country and people like to use mobile and organisations are seeing the benefits of enabling people on the mobile channel. It increases productivity as employees like to be empowered on the mobile channel. What has been holding them back previously was the fear and lack of understanding of mobile security.
What edge does checkpoint have over other security providers specifically on the mobile channel?
The good thing with checkpoint is that we cover absolutely all types of attacks. We also integrate very closely, companies that spend a lot of money on various security products, we integrate the mobile security products to make sure that we are offering a total solution. We believe in a multi-layer approach to security.
