What’s the next step for mobile security?
Since the early 2000s, we have seen a huge increase in mobile and wider cybersecurity measures being put in place by mobile service providers and telecoms companies as both B2B and B2C customers demand more security and protection of their data, writes Isaac Daniel, the founder and chief executive of Macate. However, as hackers become ever more determined and their attacks increasingly sophisticated, how can mobile operators continue to protect customers from a cyberattack?
The current landscape of mobile security is incredibly complex and evolving at an unprecedented rate. Even in the first half of 2017 we have seen a significant change in how mobile security looks and feels. The telecoms landscape itself changed shape in 2016 as many moved into the over-the-top (OTT) market.
As more companies move to a bring-your-own-device (BYOD) model, it is becoming increasingly difficult to keep track of all devices. Mobiles, laptops and tablets, often from different manufacturers with different applications and operating systems, are used increasingly for both business and pleasure. Managing these devices is not only a headache for IT teams but also expensive. Employers can no longer justify the amount of time and effort it takes to manage company devices that are multiplying on an almost daily basis.
Further contributing to this shift from device management to data protection is the explosion of cloud technology. Back in the early 1990s and 2000s, data could be said to belong to a device – this simply isn’t the case today. Data roams freely, with users able to access it from any device that connects to the cloud. The focus of mobile security is now rightly on how data is shared between devices and how it is protected – both while mobiles are in use and when and where data is stored on them. This is creating more pressure than ever for mobile operators to ensure they have secure networks as well as devices.
The issues facing mobile security today
Attacks on mobile phones, such as the Pegasus mobile botnet, are increasing both in terms of number and scale. Mobiles are a key target because they harbour the most sensitive data consumers and businesses have today – from personal and financial data stored by varied and numerous apps, to the in-built cameras, microphones, text and call history. Increasingly sophisticated attacks are becoming more rampant, and that will continue unless new measures are introduced.
The biggest threat to mobile security, now and in the future, is the Internet of Things (IoT). It is predicted that we will reach 50 billion connected devices by the year 2020 – with the global net worth of the IoT industry reaching US$6.2 trillion. This will be led by devices in manufacturing and healthcare, accumulating gross net worth of US$2.3 trillion and US$2.5 trillion by 2025 respectively. In terms of consumer devices, Gartner has predicted it will total US$725 billion by the end of this year alone.
In 2016, we saw a significant rise in mobile ransomware attacks as a result of the IoT. As more mobiles were connected to the ecosystem, we saw hackers deploy large-scale attacks, taking advantage of poorly secured networks and end-points. Using distributed denial of service (DDoS) attacks, where company servers are flooded with such a huge amount of traffic that the site is brought down, cybercriminals were able to exploit the weaknesses of the IoT to steal sensitive data and infect further networks. This type of cyberattack is only set to increase as we go forward.
Another key issue facing mobile security is the lack of consensus on how to govern and regulate the IoT. However, given the recent high-profile DDoS attacks, this is likely to change in the coming months. New regulation will take time, maybe even years, to agree and implement. The challenge for MSPs, telecoms and businesses will be to protect mobile devices from attacks while these regulations come into effect. Mature self-regulation in 2017 and the near future is essential to ensure existing mobile security.
The next generation of mobile security
While the above might paint a bleak picture, the reality is that mobile systems are still more secure than their desktop cousins. Taking a step back, it’s clear to see that mobile devices, even when connected to the IoT, are still more difficult to hack and less likely to be exploited than computers.
This fact hasn’t come about by accident. Mobile operators have deliberately rolled out strategies to safeguard mobile operating systems from malicious attack. Sandboxing, for example, aims to eliminate the impact of application vulnerabilities by ensuring they can only operate in a controlled environment and are restricted in access to other areas of the device. While this goes quite a way in reducing the impact of malevolent apps on mobiles, it doesn’t always go far enough to protect devices completely.
The next level of mobile security will be based on full end-to-end encryption of both networks and devices. As attacks on mobiles can materialise from anywhere, from unsecured Wi-Fi networks and malicious apps to hackers exploiting devices themselves, telecoms and MSPs will need to ensure that both the hardware and networks are fully secure. Equipping mobile devices with scalable encryption that raises or lowers the Advanced Encryption Standard (AES) depending on the user’s IP address, as found on the Genio phone, will enable this much-needed end-to-end encryption.
However, only encrypting devices will not stave off attacks for long. To achieve true security, mobile operators will need to roll out the latest encryption solutions. Services like the iOME IP-based telecom solution from Macate offer end-to-end encryption across the entirety of mobile networks, which is a step in the right direction. What’s needed next is for the industry to come together to create and develop regulations that will both protect consumer data and ensure the industry as a whole can mitigate the risk of malicious attacks on mobile devices and wider telecoms networks.