What did we do before we had mobile phones? I mean, never mind the phone calls, texts and emails – it is the one-click shopping, balance checking, bill paying and research that I can’t imagine living without. The power of a quick search to see if the shoes I am looking at in Store X are cheaper at the store across the street. A quick glance at my checking account balance before purchasing. And then, a final last second search and the realization that I can save even more if I purchase them online – and the one-click shopping which saves me time and keeps my wallet a bit fatter.
We are spending more time using our mobile devices in our daily routines than ever before: smartphones and tablets are an important platform for business, entertainment, research and social engagement. Think about this. On Black Friday this past year, sales on mobile devices accounted for more than 20% of U.S. e-commerce spending. And, 62% of consumers have at least tried mobile banking. We are demanding access to our information and accounts where and when we want it – which is right now, from the device I am holding in my hand.
Of course, where ever consumers go – cybercriminals are not too far behind. At the end of 2011, Trend Micro reported that it had detected 1000 malicious android apps. A year later, by the end of 2012, it detects over 350,000 malicious apps. By the end of last year, Trend reported that it had crossed the 1-million malicious apps mark… that is x1000 growth rate in 2 years. These growth rates are phenomenal. It took PC-based malware nearly 15 years to reach these levels! Things like credential testing, password guessing, vulnerability probing may be easier from a mobile device because the mobile channel has fewer authentication barriers and high risk checkpoints.
As mobile channel usage grows, we can expect to see threats targeting organizations originating from mobile devices to increase as well. Gaining visibility into the traffic that is hitting web properties from both the mobile browser and native applications, is a key first step. This increased visibility allows organizations to identify indicators of threats by focusing on what normal traffic and transactions look like. Bad actors tend to highlight their activity if you pay attention to how they are moving through the web session. You just need the insight, analysis and ability to take action on anomalous behavior to be one step ahead of the growing threats from the mobile devices we can’t seem to live without.