Mobile Device Management

What's next for mobile security?

This is a contributed piece by Isaac Daniels, Founder and CEO of Macate

The past two decades have seen the telecom and Mobile Service Provider (MSP) landscape evolve in ways we could never have predicted. Since the boom in mobile adoption in the late 90s, and the subsequent birth of the Internet of Things (IoT) in the 00s, the focus on mobile security has increased considerably. In recent years, we have also seen many telecom giants move into the Over The Top (OTT) arena, further impacting the mobile landscape.

However, with cyber-hackers becoming more sophisticated and covert in their attacks, both B2B and B2C customers are demanding more rigorous security measures. As such, telecoms and MSPs are facing an increasingly challenging and complex environment to manage and protect.

Challenges facing telecoms and MSPs today

There has been a significant shift in focus from device management to data protection, thanks to a combination of new cloud technologies and the move towards a BYOD culture that is spreading across the enterprise. Even five years ago, it could be said that data ‘belonged’ to a device but this just isn’t true today. Data now roams freely, as users are able to retrieve documents and data from the cloud via any device – be it mobile, tablet or PC.

One of the biggest challenges for telecoms and MSPs is how to deal with this paradigm shift. No longer is it enough to merely ensure a device itself is secure, companies must now focus on protecting the data that is shared between multiple devices and stored on the cloud and hardware.

The other major challenge facing the industry is the increasing number and variety of cyber-attacks. Mobile phones are a key target for hackers as they hold some of the most sensitive and personal data users have – from financial and personal data stored in the many applications to text and call history and in-built cameras and microphones that can be hacked for covert surveillance. Telecoms and MSPs are facing an up-hill battle to keep up with increasingly sophisticated mobile attacks such as mobile botnets like Pegasus and constantly evolving malware.

Exasperating this challenge is the IoT. Gartner has predicted that there will be 50 billion connected devices by 2020, creating a global net-worth of $6.2 trillion. The manufacturing and healthcare industries will lead the charge, accumulating a gross industry net-worth of $2.3 trillion and $2.5 trillion by 2025 respectively. Yet as the IoT becomes all-encompassing, and more devices are added to the vast ecosystem, we are seeing an even sharper increase in mobile attacks.

In 2016 and early 2017, we saw hackers deploy large scale attacks on mobiles, taking advantage of the exposed networks and end-points that form the currently weak backbone of the IoT. Distributed Denial of Service (DDoS) attacks were the choice du jour as hackers flooded servers with huge levels of traffic, bringing over half of the US internet to its knees in 2016. It’s undeniable that this type of attack will only increase as we move forward.

Another key issue facing mobile security is the lack of regulation surrounding the IoT. While there are years of regulation upholding the telecommunications industry, this has yet to materialise for the IoT. The key challenge for MSPs, telecoms and wider business will be how they can self-govern and regulate to ensure existing and future mobile security while working together to bring about much needed regulation.

Securing the future of mobile

For all the challenges facing the industry surrounding mobile security and consumer privacy, mobiles are still more secure than their desktop counterparts. Telecoms and MSPs have worked hard to achieve this, creating new strategies and technologies to safeguard mobile operating systems (OSs) from malevolent attacks.

For example, sandboxing limits an application’s access to other areas of a device outside a designated “safe zone”. This aims to reduce the devastating impact vulnerable apps can have on mobile devices. While this does help to mitigate the risk of malicious apps infecting devices with malware or hijacking it for covert surveillance, it does not always provide sufficient protection.

To secure the future of mobile security, telecoms and MSPs will need to move towards full end-to-end encryption, of both mobile devices and entire networks. We are all too well aware that cyberattacks can come from anywhere, be it unsecure Wi-Fi networks, malicious apps or infected networks themselves.

Mobile handsets of the future will all have scalable encryption inbuilt into the devices. Enabling mobiles to adapt the Advanced Encryption Standards (AES) dependent on the IP address where the phone is in use, as found on the Genio phone, will mean that devices themselves are never left open to attack. With the encryption level automatically moved to the government standard of the location, users, telecoms and MSPs will always know the device is secure.

However, only encrypting devices will not stave off every attack targeting the IoT. The back-end infrastructure of mobile networks must also be encrypted to the highest standards to ensure that all potential back-doors are firmly closed to hackers. Services like the iOME IP-based telecom solution, that offers end-to-end encryption across the entirety of mobile networks, will become more commonplace

Ultimately, to bring this holistic encryption to reality, the telecom and MSP industry must come together to develop and implement regulations that will both protect customer data and ensure the overarching security for mobile in the coming years.


« News Roundup: How did Kaspersky get hold of NSA code?


Three unique security solutions to take note of »
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail


Do you think your smartphone is making you a workaholic?