When we shop around for new devices we tend to spend hours meticulously analysing the specifications of every device on the market. Which phone has the best camera? Which is the fastest? Which has the biggest screen and what tablet has the largest storage capacity?
We ask all these questions, but how often do we ask about the security capabilities of the platform the device uses? If we are truthful, it is not the first thing we think of when we unbox the latest high-spec device and start downloading apps, but it really should be – especially if we consider that, more often than not, we store our banking details on our devices along with access to literally every method of communication that we use, be it email, SMS, WhatsApp or social media. On top of all this, our devices are now literally a payment method accepted in most stores using either Apple Pay or Android Pay. If your phone gets hacked, it can cause irreparable damage both personally and professionally.
Android has been the preferred target for many cyber criminals wanting to infect devices and has had many of its security gaps exploited by malware. In one such attack in recent months, the CopyCat malware infected over 14 million devices globally. As a result of this and other attacks, Google was forced to increase security against phishing plugins to stop Google apps from being attacked. More recently, Google introduced runtime-only permissions in Android 8.0 for better security.
iOS has traditionally been seen as a very secure platform with high-security levels and a low risk of malware being spread via the closed platform. Apple is pro-privacy, and as recently as 2016 got into a standoff with US law enforcement when they refused to create a back door into a phone involved in a high-profile terrorist attack. The company justifiably feared this would leave millions vulnerable to an attack if the custom build was leaked or replicated. Apple is not without its security issues, of course: the company was recently forced to remove a legitimate developer certificate in order to thwart a malware attack upon fears that the certificate had been hijacked.
Protect yourself from ransomware
Ransomware has become a major tool for cyber criminals in the past few years, and gained widespread public awareness following the WannaCry attack. The NotPetya attack initially targeted the Ukraine and provides more evidence of how ransomware attacks are growing in popularity.
In response to the growing concern over ransomware, IT Governance now provides a scalable solution for staff awareness training. Our Phishing and Ransomware – Human patch e-learning course explains the threat that ransomware presents to organisations, and gives details of the resources available to help you understand and combat those threats. We also offer a more detailed Phishing Staff Awareness Course.
We also offer a Cyber Health Check for large organisations. This three-day package combines on-site consultancy and audit, remote vulnerability assessments, and an online staff survey to assess your cyber risk exposure and identify a practical route to minimise your risks. You’ll also receive a prioritised action plan for controlling your cyber risks in line with your risk appetite.
Visit our ransomware page to view all the services we offer to help your organisation combat threats.