By Yiannis Giokas
Smartphones have become a necessity, both in our business and personal lives. We use them to store an incredible amount of personal information, and this, unfortunately, has lured a number of adversaries who seek access to our data, identity and funds. So how secure are we when using our smartphones?
An end-to-end mobile security solution isn't available yet, and the current solutions that provide the highest security require reductions in scope and flexibility, which will affect users' experiences. This may involve expensive, specialized hardware and software, as well as reduced choices in devices and features. I don't expect users to be thrilled with the idea of swapping their iPhones and Galaxys for bulky secure mobile devices or dropping any of the free popular apps such as WhatsApp and Viber. Apple is one of the few vendors that has been proven to be highly cognizant of privacy following the controversial San Bernardino and New York cases.
There are two levels of security:
Operating System: Some vendors have developed solutions at the OS (operating system) level to encrypt and segregate data. But not all device manufacturers continue pushing fixes, so even if you have the most cutting-edge software on your mobile device, you might be at risk if there is a backdoor at the OS level.
Applications: We are seeing more and more C-level executives communicating with colleagues via apps, just as they do with their families and friends. But in using these apps, how can we ensure we are not compromising security? That is why most instant messaging applications are steadily moving towards encrypted communication, either by design like Telegram and Signal, or by popular demand like WhatsApp and Viber. Apple has again proved to be very privacy conscious by enabling encryption for all iMessage and FaceTime communications by default. Still, for these security measures to be in place, both ends must have the relevant application installed on the device, and even then, the inherent risk of OS vulnerability is present.
So, How Can I Protect Myself?
Having developed and commercialized a threat intelligence platform under Crypteia Networks (now a PCCW Global company) and today leading the R&D team there, I see data privacy as a major concern -- and I don't foresee an easy way to remedy exposure.
So, what can enterprises do to protect themselves from possible fraud attempts and threats, and how can they achieve adoption and compliance in the shortest time span without investing huge amounts of money in proprietary devices for all their employees, or increasing IT complexity by deploying multiple platforms? The answer should be somewhere between using mobile devices that tend to push security fixes as soon as they are discovered, the introduction of a mobile device management (MDM) solution, and the selection of a set of commonly used apps with enhanced security features as their key means of communication.
Use vendors that are continuously developing their OS. Unfortunately, there are only two vendors, namely Google and Apple, that keep their devices' OS constantly up-to-date and push security fixes as soon as they're available. Original equipment manufacturers of Android devices tend to take much longer to push fixes because of the implications for the custom features they add to their phones.
Use a mobile device management (MDM) solution. MDM solutions are now in vogue in the corporate world for two reasons. Firstly, we're seeing more and more BYOD policies implemented, and, secondly, we're protecting corporate data that resides on users' mobile devices. MDM solutions protect corporate data on devices to offset the potential vulnerabilities of unreliable operating systems and applications. Consumers who don't have access to such solutions should keep an eye out for new OS updates and do thorough research prior to downloading any new app.
Be security conscious. You should create awareness among users to ensure the optimal usage of the apps available to them. In particular, pay attention to what they share through the apps, what type of access they're providing to the information stored on the device, and the links that users click on. As well, remind them to update their apps and OS to the latest security updates.
Entrepreneurs in the mobile security domain should continue to develop multi-platform and multi-vendor solutions, since the market is very lucrative and currently expanding. One interesting path to success might be for startups/vendors to develop telecom grade solutions for the mobile network operators (MNOs), enabling them to monitor users' traffic behavior and analyze suspicious events.
Yiannis Giokas is a serial entrepreneur with domain expertise in cybersecurity, data analytics and telecoms; currently, he is the Vice President of Research and Development at PCCW Global.