Intelligent CISO Issue 08 | Page 49

F For most people today, mobile devices are an essential part of life. We can track our steps, our sleep, our calorie intake, manage our online banking, use the mobile device for transactions, access emails, schedule appointments, to name just a few of the modern functions of a mobile on top of other traditional ones like making calls and sending messages. The information stored on these devices is now with us the majority of the time. It means it’s incredibly important that those devices are fully secured, with cybercriminals increasingly targeting mobile devices according to research. Securing the mobile channel Here, Will LaSala, Director of Security Solutions, Security Evangelist, OneSpan, discusses the importance of securing the mobile channel, how criminals are increasingly targeting banking customers via their mobile banking apps and how banks and financial institutions can combat this. There’s never been a greater need to secure the mobile channel, which has fast become the target of choice for criminals. UK banking customers lost £500 million to scams in the first half of 2018 and customers are increasingly being targeted via mobile banking apps. For example, SIM swap fraud, which involves hijacking phone numbers to gain access to mobile accounts has increased by 60% since 2016. One of the biggest challenges banks and financial institutions face in preventing mobile banking fraud is that mobile applications reside on customers’ devices: an environment largely outside of the bank’s control. Users can become the weak link in security and there are a number of things that could leave them more vulnerable to attacks and threaten the mobile environment that the banking app resides on. Will LaSala, Director of Security Solutions, Security Evangelist, OneSpan www.intelligentciso.com | Issue 08 For example, jailbreaking devices to download free apps can mean malware has the ability to access banking credentials. On the other hand, a customer may regularly connect to FEATURE public Wi-Fi networks or postpone critical software updates on their device, leaving security patches exposed. Another growing problem is that both the malware and criminals’ techniques are becoming more complex and sophisticated. For example, today’s mobile malware can leverage a program’s code to make the app itself a threat. Malicious actors can reverse engineer apps to modify the core functionality or create an exact duplicate, which when downloaded will silently install other apps that steal data from the user and the mobile device. With all of this in mind, it’s crucial that mobile banking apps are able to protect themselves in untrusted or compromised device environments to reduce the risk of mobile banking fraud. Application shielding technology proactively detects and prevents application-level intrusions in real- time and means that even if a user There’s never been a greater need to secure the mobile channel, which has fast become the target of choice for criminals. has unknowingly downloaded a virus or malware onto their device, the app itself is protected and the data and transactions made within it are secured. This technology is also context- aware and prevents attackers from injecting malicious code into an app and repackaging it for distribution in unofficial marketplaces or websites, as was seen with the popular Fortnite app earlier this year. 49