assurance for the mobile user: mobile device security
TRANSCRIPT
Assurance for the Mobile User:Mobile Device Security
Symantec Mobile Enterprise Security
2
Agenda
Who are we?
Evolving Device Security Market
Call To Action
1
2
3
Market for Device Security
Symantec Mobile Enterprise Security
4
Consumers Grow Sophisticated as the World Converges..
Mobile Content, Services, Providers all Converging …
Emergence of the “Prosumer”
Mobile Content, Services, Providers all Converging …
Emergence of the “Prosumer”
• Better Devices– 100 Million Symbian Smart
Phones shipped to-date
– High penetration in matured markets & youth segments in emerging markets
– IMS Services Enabled Devices
• Richer Content– Open Standards Push eMail
– 38.2% CAGR grow in Mobile eMail
– Richer Content on Devices
– Better cameras, more storage
• Richer Services– M-Commerce Resurgence
– Content to Blog sites
Symantec Mobile Enterprise Security
5
The Smart Phone Security “Perfect Storm”
Outdated Thinking: 75% of companies have not addressed smart phone security*(60% cite security as biggest mobility obstacle*)
IT is Organizing:Ad hoc deployment giving way to centralized policies that include all endpoints (Server, PC, Laptop and Mobile)
Mobile/wireless IT spending likely to exceed IT budget growth in many organizations: 12.5% avg. growth rate (Source: Gartner)
Increasing Mobile Device Threats: Mobile virus variants have doubled every 6 months since 2004 (235 mobile virus variants in H1’06)(Source: Symantec Security Response)
Enterprise Faith: 80% of companies are allowing corporate data on devices, yet continue to not secure the data*
Fastest Growing Device Segment: Smart phone growth = 77%Other mobiles = 27%Mobiles out ship PC’s 5:1 in 2006(Source: Canalys for H1’05 to H1’06, IDC & Gartner)
* Q1 2006 Symantec survey conducted by Economist Intelligence Unit
Symantec Mobile Enterprise Security
6
Global Survey on Enterprise Attitudes Toward Mobile Device Security• OBJECTIVES
– To explore corporate attitudes regarding enterprise mobile device security
– Survey done against 248 companies headquartered in North America , Western Europe, and Asia Pacific
• RESULTS– 60% said security biggest obstacle– Only 9% addressed security issues– 88% of companies deals with security on an ad-hoc basis or do not
address it at all – 25% of senior management fully understands the risks of mobile
computing in North America, compared with 30% in Western Europe and 37% in Asia Pacific.
– 4 out of 5 companies surveyed view the risk of mobile data services the same or greater than wired data risks.
Source : Economist Intelligence Unit
Symantec Mobile Enterprise Security
7
Global Survey on Enterprise Attitudes Toward Mobile Device Security
• NOTABLE DATA– Reasons for companies permitting mobile access
• Improve employee productivity - 73%,
• to enable increased business flexibility - 46%, and
• increase responsiveness to customers - 33%.
• POLICIES ON STORAGE OF CORPORATE DATA– While 21% of North American companies allow storage of corporate
data on employee-owned mobile devices and leave security to employees, only 13% of companies in other global regions do the same.
– Only 53% of North American companies limit storage of corporate data to company-owned mobile devices; 64% of companies outside North America allow storage of corporate data only on company-owned devices.
Source : Economist Intelligence Unit
Symantec Mobile Enterprise Security
8
New Symbian Threats by Month
0
5
10
15
20
25
30
35
Jun-
04
Jul-0
4
Aug
-04
Sep
-04
Oct
-04
Nov
-04
Dec
-04
Jan-
05
Feb
-05
Mar
-05
Apr
-05
May
-05
Jun-
05
Jul-0
5
Aug
-05
Sep
-05
Oct
-05
Nov
-05
Dec
-05
Jan-
06
Feb
-06
Mar
-06
Apr
-06
May
-06
Jun-
06
Jul-0
6
Month
Nu
mb
er o
f N
ew T
reat
s
Threats
Cabir released
Skulls[A-B] releasedCabir.B Released
Cabir Source Code released18 Variants in 1 Month Commwarrior[A-B], Dampig, Drever[A-C], Skulls[E-H] released
Doomboot[A-C], Skulls[K-L], Cabir.U released
First Symbian SpywareReleased.
Threat Landscape:Wireless Threats Continue to Proliferate
• Symantec Response has already identified over 30 vulnerabilities on the Windows Mobile 5 OS. Threats for Windows Mobile are likely to follow a similar evolution pattern as Symbian and PC threats.
Symantec Mobile Enterprise Security
9
• Increasing amount of personal content on mobiles
– Highly personal pictures, videos e.g. lost mobile content in HK sold for profit
• Attacks now for Financial Gain… not Notoriety
– 30 of the top 50 threats exposed user confidential data (source Symantec ISTR X http://www.symantec.com/enterprise/threatreport/index.jsp)
• Premium SMS attacks can drain user accounts
– RedBrowser.A and Webser released in February 2006
– No predictive fraud detection methods in many mobile payment mechanism similar ass offered by Visa and MasterCard
• Devices increasingly becoming payment instruments
– Pay-with-a-wave in Japan, UK… add financial risk to mobile
New Platform, New Risks: Pranking4Profit
Mobiles are becoming digital wallets and identities
but Mobile payment fraud methods are comparatively immature
Mobiles are becoming digital wallets and identities
but Mobile payment fraud methods are comparatively immature
Symantec Mobile Enterprise Security
10
• People are the Perimeter: Mobile blurs the distinction between Employee and Consumer, between user and network
– If a mobile phone is always with you… it is always a risk• 70% use their mobile phones as alarm clocks (source ICM Research)
– Snoopware: Mobile spyware exploits the telephony apps… not eMail
• Consult the calendar to determine the best times to snoop
• Remotely activate the microphone to eavesdrop on conversations or spy via pictures and video
• Examples: FlexiSpy and iCam (available April 2006)
New Platform, New Risks: Snoopware… an Invasion of Privacy
Snoopware puts a Stranger in your Bedroom and a Competitor in your Boardroom
Snoopware puts a Stranger in your Bedroom and a Competitor in your Boardroom
Symantec Mobile Enterprise Security
11
• Loss/Theft/Damage of a mobile device far more likely than PCs
– Phones lost 15X more frequently than PC’s by some estimates
– In the UK, 20,000 devices are lost or stolen in the UK each month and one third of all robberies now solely involve mobile phones (Sources: ARC & UK Gov’t Stats)
• Loss Mitigation: Flexible defense to match the risk
– Anti-Virus, Remote wipe and kill, Data Encryption, File Activity Log
• AV prevents undetected loss of data
• Activity Log = peace-of-mind & a regulatory compliance option without the overhead of encryption
– Future of Loss Mitigation: Data Backup and Recovery
• Data tagged as personal or business, encrypted on the phone, sent over-the-air and targeted at either the work or home PC for back-up
New platform, New risks: Mobile Loss Mitigation
Lost phones hurt everyone: Users, Employers and Operators
Symantec Mobile Enterprise Security
12
Call to Action
Managed Anti-Virus
Prevent virus & malware
outbreaks
Anti-SPAMeMail SPAM prevention
Secure User Identities
Prevention of identity theft
IM Threat Protection
SPAM prevention on
IM
Managed Apps Back Up & StorageProtecting
business critical information
Managed Web Content
Prevent attacks on corporate
web sites
Mobile Device ProtectionAnti-Virus &
Firewall
Managed Anti-Virus
Prevent virus & malware
outbreaks
Anti-SPAMeMail SPAM prevention
Q&A