Zimperium unveils Australia’s first ‘defence shield’ dedicated to guarding against mobile phone security threats
Cyber attacks on mobile phones have escalated as more Australian businesses adopt working from home permanently, prompting the commissioning of a defence capability in Canberra.
The cyber security company that protects the smartphones of US troops has launched Australia’s first defence shield against threats on mobile devices, warning attacks are escalating as working from home becomes embedded across the nation’s biggest businesses.
Texas-based Zimperium - formerly backed by Telstra’s venture capital arm – has built what it calls a Mobile Threat Defence or MTD in a data centre at Canberra and is about three months away from completing the federal government’s Infosec Registered Assessor Program.
This will allow it to sign on commonwealth departments and agencies, which require a minimum of Protected-level classification.
It comes as Microsoft is spending $5bn building a more generalised cyber defence shield, as well as nine new data centres in Australia to power the explosion in cloud company from the rapid adoption of generative AI. Microsoft has also committed to train 300,000 Australians and has partnered with TAFE NSW to launch a data centre academy.
Zimperium is yet to disclose the scale of its investment in Australia, instead preferring on how to differentiate itself from tech giants like Microsoft.
Chief executive Shridhar Mittal said the centre would be the first of its kind to allow agencies and critical infrastructure organisations to “seamlessly adopt mobile threat defence capabilities to detect mobile breaches and protect data”.
“The launch of sovereign hosted MTD is a game changer, facilitating significant cost savings, and rapid adoption and time to value for our government customers,” he said.
“Zimperium has also played a significant role in protecting other governments for a number of years, including the US Department of Defence, where we have secured the mobile devices used by armed forces to prevent incursion by hostile state actors. We can now do the same for the Australian government and infrastructure organisations.”
Government tender documents show that the Department of Finance is using Zimperium software under a four-year contract, valued at more than $63,000, which expires in February.
The company analyses employee mobile devices for threats, vulnerabilities, and exploits across Apple and Android apps for security, privacy, and malware. It can filter unwanted or unapproved content categories and blocks phishing attacks from any vector – including SMS, Whatsapp and Messenger – not just email.
It was the first mobile threat defence provider to be granted an authority to operate (ATO) by the US Department of Homeland Security and US Immigration and Customs Enforcement under the Federal Risk and Authorization Management Program.
Telstra Ventures was one of Zimperium’s early backers but offloaded its investment in the company – to Liberty Strategic Capital, the private equity firm founded and led by former US Treasury secretary Steven Mnuchin – in April last year.
Liberty secured a controlling interest in the company for $US525m ($806.02m). Zimperium won a US Defence Department contract in 2020 to protect the mobile devices of all US troops.
The company has made several warnings about work from home arrangements and the proliferation of workers using their own mobile devices and computers to access their employer’s networks.
Zimperium senior vice president for corporate development, JT Keating, said the high use of personal devices during remote working lead to “exposure and potential theft of data by malicious actors as they penetrate the often pitiful protections that non-enterprise networks and endpoints maintain”.
Mr Keating said cyber criminals were also targeting popular productivity apps used to facilitate remote working.
“Cybercriminals know that and these kinds of applications have become a key attack vector for mobile threats. Office 365 is just such an example,” he said.
“The app is the cornerstone of many workplaces, hosting a whole suite of Microsoft applications including Word, Excel, and Teams. In fact, a recent Zimperium poll found that 84 per cent of security professionals had enabled it on their phones.
“It also appears to be a cornerstone for cybercriminals too. One report says that this software suite alone accounts for more than 72 per cent of exploits, compared to browsers which account for just 13 per cent. It’s the very popularity of this particular application that makes it such a popular target for mobile threats too – the broader the attack surface, the more chances to infiltrate the target.”
IRAP – an Australian Signals Directorate initiative – provides a foundation for independently assessing a system’s security against Australian government policies and guidelines. The assessment provides assurance of Zimperium’s data security controls and procedures.
More Coverage
iPhone 16 review: Apple faces its ‘Barbie moment’
Consumers and Barbie fans will be tickled pink by Apple’s new iPhone colours. But how do the new models stack up, and is buying a Pro still worth it? We take a look.
Meta urged to regulate youth data use
Meta’s new self-enforced safety standards have drawn attention to its use of young Australians’ private data, argued to be driving harms that are still unchecked.