App developers need to take the brunt of responsibility for malware on devices, rather than the onus being on end-users to protect themselves, though they are mostly ignorant about malware. The app developers are not creatng applications with built in self-defences – technology that is already available, it is claimed.
Tom Lysemose Hansen, founder and CTO of Norwegian application security product company Promon says: “End-users are the weak link in security so strategies that rely so heavily on guiding them on how to protect against attack will always fall short. Furthermore, the specific suggestion last week that end users should download Norton anti-virus software is misleading – defence needs to be from inside the application and just applying a protective wrap around a device or operating system has been shown not to be sufficient – as malware is still able to inject code into targeted apps.
“Ultimately, the initial case of keylogging or man-in-the-app that would have smuggled the voice control malware onto the devices could have been prevented. Cyber attacks are becoming more and more sophisticated, but by securing apps from the outset with self-defending technology, attackers are denied a foothold.
“There is an issue here of passing the buck. App developers expect designers of operating systems or devices to put protections in place so do not prioritise security. Then, whenever a new piece of malware strikes, everyone just blames end-users and tells them to be more careful.”
He describes anti-virus software as a barrier around devices and operating systems to threats that are identified and understood. While partially effective, it is inevitable that such an approach will always be fighting the last war and will find it progressively more difficult to stay ahead of new cyber threats. Furthermore, if cyber-criminals are able to breach the anti-virus once, then every part of a device and the software running on it becomes vulnerable. In-app defences are designed to plug any weaknesses within applications themselves, creating a more secure solution. Each application is tougher against attacks, even in the event that a device is compromised.
Tom adds: “Of course, end users should install anti-virus if they can, but app developers must do more to guard customers’ data with the multi-layered security protocol required to deal with complex threats. For far too long we’ve witnessed a selective blindness among security providers who fail to consider the pitfalls that come with increased ease-of-use. It shouldn’t fall to the customer to ensure the latest patch or relevant antivirus software is installed; security providers must instead shoulder the responsibility for a hack, educate on threats, and address their neglect of customers’ private data.” Visit http://www.promon.co.
