One-off security installation 'not enough', says TCG

Monday, 28 October, 2019

Mobile device designers and operating system manufacturers are being called to consider their products’ security a ‘work in progress’, rather than a one-off activity.

The message — delivered by Trusted Computing Group’s (TCG) Mobility Solutions Work Group Co-Chair Ira McDonald — comes amid growing concerns that the “trend for greater connectivity, driven by functionality and convenience, is putting mobile devices at risk of exploitation and making them more vulnerable to attacks”.

“As security threats become more sophisticated, mobile device designers and operating system manufacturers will need to ensure they have proactive protection plans in place that can evolve throughout the product’s life cycle and quickly respond to new threats as they emerge,” she said.

This would take multiple cybersecurity countermeasures and, potentially, a ‘defence in depth’ approach, which would allow mobile phones to be updated even after they’ve been compromised, according to McDonald.

“In order to keep mobile devices secure, the designers of these systems must assess all of the attacks that they must resist and the consequences of a successful attack,” McDonald said.

“The risk assessment can help designers to weigh the costs and benefits of the various firmware and software update approaches and choose an approach that provides adequate protection for their system.”

Image credit: ©stock.adobe.com/au/SasinParaksa

Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.