Advice issued by Symantec last week following the discovery of a new strain of malware called Android.Bankosy mistakenly puts the onus on end-users to protect themselves – when unfortunately they are mostly ignorant about malware and, from a technology point of view, least able to protect themselves.
Instead, it is app developers who need to take the brunt of responsibility because they are not developing applications with built-in self-defences – technology that is already available.
Tom Lysemose Hansen, founder and CTO of Promon, explains: “End-users are the weak link in security so strategies that rely so heavily on guiding them on how to protect against attack will always fall short. Furthermore, the specific suggestion last week that end users should download Norton anti-virus software is misleading – defence needs to be from inside the application and just applying a protective wrap around a device or operating system has been shown not to be sufficient – as malware is still able to inject code into targeted apps.
“Ultimately, the initial case of keylogging or man-in-the-app that would have smuggled the voice control malware onto the devices could have been prevented. Cyber attacks are becoming more and more sophisticated, but by securing apps from the outset with self-defending technology, attackers are denied a foothold.
“There is an issue here of passing the buck. App developers expect designers of operating systems or devices to put protections in place so do not prioritise security. Then, whenever a new piece of malware strikes, everyone just blames end-users and tells them to be more careful.”
Anti-virus software is developed as a barrier around devices and operating systems against threats that are currently identified and understood. While partially effective, such an approach will inevitably always be fighting the last war and will find it progressively more difficult to stay ahead of new cyber threats. Furthermore, if cybercriminals are able to breach the anti-virus once, then every part of a device and the software running on it becomes vulnerable. In-app defences are designed to plug any weaknesses within applications themselves, creating a more secure solution. Each application is tougher against attacks, even in the event that a device is compromised.
Tom concludes: “Of course, end users should install anti-virus if they can, but app developers must do more to guard customers’ data with the multi-layered security protocol required to deal with complex threats. For far too long we’ve witnessed a selective blindness among security providers who fail to consider the pitfalls that come with increased ease-of-use. It shouldn’t fall to the customer to ensure the latest patch or relevant antivirus software is installed; security providers must instead shoulder the responsibility for a hack, educate on threats, and address their neglect of customers’ private data.”