IBM Pulse: mobile security vulnerabilities 'not a primary concern'

Security expert says devices aren't being targeted by attackers

The threat to corporate security from malware attacks on mobile devices has been overhyped, according to an IBM security expert.

A recent survey by IBM highlighted concerns about mobile security among CIOs.

According to the study, 73 per cent of business leaders currently allow devices such as smartphones and tablets to connect to their corporate networks.

But 36 per cent do not feel these devices are adequately protected, and 40 per cent are planning to increase their investment in mobile security.

But CIOs can afford to be more relaxed, said Tom Cross, manager for X-Force Strategy and threat intelligence for IBM Trivoli.

Hackers are less interested in targeting mobile devices such as iPads because there is less opportunity, he told the audience at IBM Pulse.

"There is not a lot of malicious activity out there exploiting vulnerabilities on mobile devices, and enterprise security in this respect is not a primary concern now," said Cross.

"Users are still largely using apps to access the internet on their mobiles and tablets not web browsers. If you are a bad guy running a malicious site and were trying to get people to visit your site, targeting mobile devices isn't going to bring you a lot of success," he added.

"This may change in the future as we get higher performance networks, and browsing becomes easier, but it isn't common place at the moment. There are a few malicious things out there, but we are not seeing widespread activity."

The primary concern facing enterprise security on mobile devices is the risk that critical information on the devices might be compromised if the devices were lost or stolen, rather than the concern that the devices might be infected with malware.

Cross also suggested that future developments in technology will further secure mobile devices for the enterprise.

"Vendors that are making these devices are investing far more in the security for mobile devices, than in security for the desktop," he said.

"What I would like to see is more segmentation in the phone operating system, so that there is a split between personal and business use on the same device. This is essentially mobile virtualisation, where the business aspect is separated from everything else," he added.

"Because of this increased investment and technology advancements, you are to some extent seeing more security advantages in the mobile area."