Mobile is new! It’s different! It’s great! But when it comes to security, mobile risks are remarkably similar to the risks we experience on the Internet. Welcome to the Internet security rerun – now playing on your mobile device.

The early days of mobile were rah-rah, all systems go. Security? We’ve got passwords – just like we did on the Internet. Even better, each mobile device has its own ID and GPS so we know if the device is with its owner. Companies like Apple and Google even set up a review process for apps published on their App Stores. And guess what? There’s almost no spam or exploits as the public embraces mobile faster than kids leaving school for vacation. 

The Internet was just as much of a phenomenon 10 years earlier. Remember AOL and the dot-com billionaires? Remember the early miracle of email, eBay and Yahoo search? Hackers were just naughty programmers trying to prove they could splash silly messages on our screens. Hardly anybody lost money.

Mobile Community = Profit For Attackers

A few years into the mobile tsunami, Kaspersky Lab discovered more than 25 times more mobile malware than it had identified in the entire six-year period between 2004 and 2010. To be fair, the security industry might not have been looking for mobile malware in 2004. Smartphones had become a lot less like phones and a lot more like computers. Recently, criminals ‘discovered’ what they can do in the new mobile space.

That’s similar to Internet cybercrime which developed from innocent hacks in 2000 to a $110 billion enterprise in 2012. During that period, Internet security developed from a weekend chore for a few unlucky Microsoft programmers to a full business division housed on a separate campus. Virus scans, web filtering and strong passwords have become part of our lives.

Just Like The Internet?

Today’s reports on mobile security cite the same threats that we have been addressing on the Internet:

• Inadequately patched devices
• Malicious applications posing as harmless apps
• Insecure passwords – like "1111" – or no passwords on the phone
• Struggles with device policy control
• Bugs that allow bypass of security controls, such as the password lock
• Customer credentials – like mobile banking user names – stored on the phone
• Man-in-the-middle attacks where criminals impersonate mobile phone users to gain access to personal information and eventually funds
• Spam messages focused on getting users to reveal their credentials

The list is long, ugly, and growing.

Full Circle

Given our long and expensive experience with Internet security, you might think that mobile risk management would have been part of the package from the beginning. Unfortunately, it didn’t quite work out that way.

The point is – we have had ample time to prepare for all of these threats. Ample time to educate the billions of smartphone users about the urgency of mobile security. We know the attacks, understand how they can be stopped, and appreciate the challenge of shaking the public’s confidence in the latest shiny gadget just enough to get them to protect themselves.

To be fair, new software has been developed for mobile device management, anti-malware, etc.  And mobile patching and app review processes continue to improve.  But, in all too many ways, the mobile community finds itself where we were 10 years ago with Internet security – running as fast as we can to keep up with the growing security challenge.

Robert Bessel is the public relations director for Avon, Conn.-based COCC Inc.