Mobile security has been under intense scrutiny in recent weeks following revelations that the National Security Agency (NSA) mined smartphone data from apps, including Angry Birds. Is this a concern among users of smart devices, or just the industry?
Certainly, the concept of service provider security is undergoing significant change, with several key trends contributing, namely the nature of business, technology and who is attacking. For instance, new revenue-generating services like mobile health and commerce are being developed. It is impossible to imagine ecosystems that involve incredibly personal data being a success without robust, clear, end-to-end security mechanisms.
More and more, we’re dealing with “for-profit” illegal and cyber attackers, often involving large criminal organisations. This is a fundamental difference. And because the attackers are different, the nature of the attacks is different, too.
There are several aspects of cyber-attacks to consider (that at some point can become full-blown cyber/mobile wars). With a DDoS attack, for example, even if the attack itself is very painful, everyone can see it.
The challenge is that more and more cyber criminals are attacking in a “low-and-slow” manner, trying to be under the radar of the current generation security systems. This new generation of attacks is very difficult to detect and, sometimes, the attack can be active for years before being detected.
The advent of Long-Term Evolution (LTE), or 4G as it is sometimes called, exacerbates concerns; LTE networks are less secure than previous network generations, one of the reasons being that they are all-Internet protocol (IP) networks vulnerable to attacks inherent to all-IP networks. A new attack front has been opened for hackers.
Do customers care? Research conducted among UK consumers suggests that they do, with a recent survey of nearly 2 000 respondents finding that operators risk losing customers over mobile security concerns, with security among the top three elements consumers consider when choosing a mobile operator, after pricing and network coverage.
Interestingly, over a third (35%) now hold operators responsible for any data breaches suffered and over half (52%) of customers would jump ship in the event of a major security breach.
“We are certainly seeing a similar sentiment among South African consumers,” says Martin Walshaw, senior engineer at F5 Networks. “As we become increasingly connected, the lines between private and public data grow more and more blurry. Consumers may not realise the dangers of granting apps access to information, such as their contacts, yet they are unforgiving if that information is accessed by third parties, for whatever reason.
“They expect that their information will be safeguarded and aren’t interested in excuses when that data slips through the cracks. As far as they are concerned, it’s the business’ fault for having lax security and they will not think twice about switching to another provider whom they deem is more careful with their information.
“Once the Protection of Personal Information (POPI) Act becomes effective, businesses will be required by law to protect their customers’ details – or face serious penalties. It will no longer just be about retaining customers, but, more importantly, about being compliant and about protecting the business’ reputation. Network security will become a number one concern.”
This is potentially threatening to business, meaning the onus will be on mobile operators to increase their efforts to protect users, networks and applications.
