Valid logins to your workplace are on the net, right now

Enterprises are almost universally open to intrusion attempts with stolen credentials, and are at increased risk from compromised smartphones thanks to a spike in device malware. The findings stem from two separate studies. Digital Shadows research [PDF] reveals 97 percent of the Fortune top 1000 largest companies face …

Anonymous Coward

"Most of the infected phones were Android phones. Most phones running the Google operating system operate on Lollipop version five and the highly vulnerable KitKat version 4.4."

And how many of these vulnerable phones are held by people in a position to overrule or dictate terms to IT, on pain of pain?

9
0
Silver badge

Pretty much all of them as the regular plebes don't get company phones.

0
0
Anonymous Coward

The IT Security counterpart of the Central Banking mentality.

The Ouroboros-like logic of the C-suite whereby we have gentlemen-inner-club-style self-serving back-patting as being "pretty good on security around here, innit" on the one hand and the active ignoring of statements saying what it will really take in time and $$$ to get serious about security on the other hand (as well as actual decision-making) is unreal.

Meanwhile regular "breach panics" are followed by an embrace of the on-call salesguy who will "just quickly install a little tool" (that will in time land on the cloud graveyard of unmanaged tooling) and an exercise of having the poor summer intern eruct a quick IT security policy from the sad loneliness of her/his cubicle.

This is never going to fix itself. Never.

4
0
Silver badge

Re: The IT Security counterpart of the Central Banking mentality.

As pointed out here: http://www.theregister.co.uk/2016/09/23/if_your_company_has_terrible_it_security_that_could_be_a_rational_business_decision/

...it's not necessarily an irrational decision. Once the penalties for leaking PII are reset to sane (i.e., expensive) levels, and a few companies have gone down in flames after a BEC or other financial fraud, the calculation will shift and more orgs will be motivated to do it properly - or at least try to.

0
0
Silver badge

Re: The IT Security counterpart of the Central Banking mentality.

"Once the penalties for leaking PII are reset to sane (i.e., expensive) levels, and a few companies have gone down in flames after a BEC or other financial fraud, the calculation will shift and more orgs will be motivated to do it properly - or at least try to."

It'll probably prove cheaper to bribe the governments that set the regulations when that happens...

1
0
Silver badge

It will take the loss of business to get Android phones updated

It will take the loss of business by phone makers and telecos to get Android phones updated

If Google and its customers (the cell phone hardware companies and telecos) don't get with it ensuring that Android systems are promptly patched, end-client companies will start requiring (maybe even providing) either iOS or Windows Phone on any bring-your-own devices allowed on the network.

Android OEMs and lazy telecos are probably the only hope MS has of getting Windows Phone to prosper.

But really, why would a teleco care what the OS is on the phone it is selling? Android, iOS, Windows Phone, they'll sell what the end-customer is willing to pay for. The profit is similar regardless.

Maybe Google should either give up on Android or make mandatory timely fixes to security vulnerabilities part of its license agreement.

But does Google make enough money off of Android to care? Or is it just a prestige "we make an OS" thing with them? Anyone here know for sure?

0
0
Anonymous Coward

Re: It will take the loss of business to get Android phones updated

"But really, why would a teleco care what the OS is on the phone it is selling? "

They care because of a few reasons, first is, can it be customised by them, locking down features that they can charge extra for, installing apps for services that they offer and not allow the customer to remove, to increase revenue.

Also perceived value, they want to have the phones that everyone else sells and if they can customised versions for their network. They don't want to stock or sell ones that don't have these allowances that don't have a large market share as they will cost them money stocking them.

Contracts with the suppliers saying that they will be exclusive or only be allowed to stock specific other manufacturers' phones or have to pay a premium or be not allowed to sell the phone below a specific value.

1
0
Silver badge

iOS or Windows? Why?

TBH we all know that it is the popular OS that gets attacked because there is most chance not only of success but also profit. If you have a pathetic market share (Windows) then you will not be attacked for a very long time (brings us back to the Nokia idiot who dropped a phone with a large market share for one with none and said he was clever).

iOS is not too far behind Android and I suspect also has its hacks and exploits despite the walled garden protection.

2
0
Boffin

Re: iOS or Windows? Why?

iOS does have vulnerabilities as well, but Apple patches are available as soon as they're released. Android phones will vary from getting their patches on time, to lagging a couple of months, or not getting them at all. So an 0-day on iOS might be fixed in the next couple of weeks, while some Android phones will be forever stuck with that exploit.

As for Nokia, well, that's what happens when the board promotes a Microsoft sleeper agent to CEO. Fortunately, Nokia was able to jettison that part of the company along with the sleeper agent, and soon will get back at doing smartphones with non-crap OSes.

0
0


Biting the hand that feeds IT © 1998–2017