Every time there’s a compliance or security issue surrounding a popular application, most IT security professionals just shake their heads in disbelief. When it was discovered this week that the Pokemon Go mobile application (which gathers more personal data than any application has a right to do) is distributed on servers loaded with malware, most IT security professionals quietly fumed over why no one is listening to their warnings. After all, this is not the first mobile application to have IT security issues. Remember when it turned out that a lot of those mobile flashlight applications were sending data back to unknown servers in China?
The folks at Niantic that make Pokemon Go are promising to fix these issues in the next major release. The good news is that the malware is generally confined to instances of Pokemon Go that were downloaded outside the confines of app stores run by Apple and Google. Those two distributors of mobile applications go to a lot of effort to make sure that applications they distribute have passed an IT security review.
Of course, for all the money spent on IT security there really is no substitute for end user education. IT security technologies are not going to be much help when an end user falls prey to a phishing scam that results in them downloading malware on their machine. Before too long that malware winds up either delivering a ransomware payload that encrypts an organization’s data or being used to surreptitiously steal data.
The real problem, of course, is that organizations that allow end users to connect devices they own to a corporate network don’t really know where those devices have been since the last time they connected to the network. More likely than not, a given device has been connected to at least one Web site loaded with malware. Before anybody realizes it, that malware is now trying to find a way past the corporate firewall.
While there are tools that prevent end users from accessing sites that are known to be loaded with malware, it’s difficult to keep pace. Hackers are especially prolific when it comes to finding new and creative ways to distribute malware. The only thing an IT organization can really do to minimize its exposure is to continually remind end users about the need for more hygiene when it comes to security. Much like controlling the spread of germs by reminding people to wash their hands, companies need to be proactive about reminding end users to be prudent about the sites they visit. In fact, in an ideal world, IT security hygiene would be taught in every school as well.
In the meantime, IT security professionals can take some solace in the fact that applications such as Pokemon Go are once again proving them right. That may be cold comfort once a corporate network gets infected by malware installed on those applications. But at the very least, there are now more people than last week who are aware of the dangers in downloading gaming apps to their mobile device from unknown parts of the Internet.