With 2016 now upon us, RCR Wireless News has gathered predictions from leading industry analysts and executives on what they expect to see in the new year.
A recent survey by Pryvate found 29% of U.S. consumer respondents share sensitive work information through their mobile phones at least once per week and 21% believe stolen information taken through a hack of their mobile phone would harm their professional reputation. In fact, 11% of respondents said being hacked would be worse than losing a job.
With these numbers it’s not difficult to predict in the year ahead mobile phone security, and specifically encrypted communications, will continue to be a hot topic as the sophistication of cyberattack techniques continue to evolve. We’re already seeing an increasing number of attacks targeting mobile devices, as mobile phones and tablets are inherently less secure than laptops and desktop computers. The compromising of business critical communications, whether it is due to cyberespionage or predatory cybercriminals, is one of the greatest threats businesses face and could inhibit a company’s competitive edge.
Businesses are largely still underprepared to protect their valuable data from mobile security threats. Their keenness to embrace the move towards “mobile first” often sees them underestimate the need to invest in mobile security. The use of personal devices in the work environment is now commonplace, yet many businesses fail to have effective flexible working or “bring-your-own-device” policies in place. Further exacerbating this problem is the amount of malware in existence being targeted toward mobile devices. The implications of this could be vast and it’s only a matter of time before a major data breach is caused by cybercriminals hacking a mobile device.
In 2015, we saw the debate heat up over the banning of encryption, both in the U.S. as well as in the U.K. with the introduction of the Investigatory Powers Bill. The legislative action being discussed could potentially see civil liberties turned on their head, with everyone’s personal online lives available for official scrutiny without a clear rationale or justification. Everything from family photos, medical records, confidential business transactions and legal communications could be exposed at a whim.
Whilst there does need to be an updating and an expansion of legislation to account for the digital age, this should not override the right to privacy. Threat actors will always find nefarious ways of using good intentioned technology for their own means. Proposals in which providers can decrypt secure communications would make communications services deliberately less secure than they are designed to be.
Not only do proposals for backdoors into encrypted services and devices have the potential to open up more consumers to having their data stolen, it also puts more businesses at threat of losing data and facing legal action and fines – through no fault of their own. In an age where cybercrime sophistication is exponentially on the increase, weakening encryption is simply the wrong way to go.
Rather than weakening encryption, what is needed in 2016 is an Internet-device database, which keeps a record of the purchaser or owner of every Internet-enabled device. This would also include legislation on the supply of these devices, which requires purchasers and resellers to record the ID of the purchaser and forces mobile operators/ISPs to require a license number before providing connectivity services.
A mobile phone, tablet or laptop has the power to send a message to anyone anywhere in the world and it is possible to find the originating device. It is perfectly reasonable for the police to be able to track who sent it, or who is talking to whom, but the answer isn’t access to the content en masse, it is better knowledge of the devices themselves. This proposed solution would enable tracking and group chat identification and is surely a much stronger and more robust solution than attempting to monitor the masses when in fact it’s the few that need this level of control.
By using this data, law enforcement would be able to obtain the paper trail they are interested in and draw connections when persons of interest communicate. It would also remove the capabilities for terrorists and criminal gangs to use burner phones and communicate freely over the telephone.
In this digital age, private communication should be a fundamental right, whereby consumers and professionals alike can communicate with whomever they choose as securely as if they were speaking to them face-to-face. Time and time again security tests have shown that end-to-end security is the only way to prevent cybercriminals, intruders, corporate espionage, hackers, rogue nation states and more from violating the privacy of individuals. In a mobile society where companies work across the globe, families are separated by oceans, and sensitive information like medical records and bank details are communicated digitally daily, the need for an absolutely secure end-to-end encryption solution is paramount.