Banks Warned on Mobile Security
Executives from IT and other departments not collaborating properly, IDC warns
By Antony Savvas
January 13, 2012 — CSO — A lack of IT and business integration is opening up banks and their customers to attacks through mobile malware, according to an IDC research paper.
IDC has found a "widening gap" between IT and business executives in many UK financial services companies, posing "grave operational and security risks for mobile and online services".
The analyst firm said the gap is an unintentional consequence of business decision-makers within financial institutions lobbying for new and enhanced digital services, despite resistance from IT departments "fearful of the growing security threat from mobile malware".
Alex Kwiatkowski, an IDC analyst, said mobile was a huge opportunity that is beginning to be realised this decade after a series of "false dawns" in the 2000s, with nearly all the UK's retail banks launching mobile services in the last three years.
Kwiatkowski said: "Banks are clearly aware of the threat posed by malware, but the extent to which this 'awareness' encompasses mobile is something of an unknown quantity. We have identified that banks are launching or enhancing new digital banking channels without a clearly defined IT strategy or budget from the onset."
Kwiatkowski added: "An unfortunate consequence of taking this approach is the widening of the gap which has perennially existed between 'the business' on one side of the divide and IT on the other."
Up until now, said IDC, the threat of malware being spread by mobile devices among banks and their customers was low. But it said the threat was expected to increase this year as malware writers were focusing on vulnerabilities in mobile operating systems. The IDC research was sponsored by cloud data access firm Akamai.
Earlier this month smartphone users were warned about the threat posed by scareware distributors.
Read more about data protection in CSOonline's Data Protection section.