Thank you for Subscribing to Apac CIO Outlook Weekly Brief
Securing the Airways Mobile Communications are Wide Open to Hacking. Encryption Delivers a Much-Needed Solution.
By Bob Ackerman, Founder & MD, Allegis Capital
If you like Hollywood gossip, you liked the emails outed in the hack of Sony Pictures. And you particularly liked those of studio co-chair Amy Pascal, who has since stepped down (read: been fired). They were full of insider dirt. She called Leonardo DiCaprio “despicable” and Angelina Jolie a “spoiled brat.” She made racially insensitive jokes about President Obama’s taste in movies.
Sensational stuff, but overlooked amid the media frenzy was one line that appeared at the bottom of many Pascal emails: “Sent from my Sony Xperia Z2.” Anyone who works in the field of IT security should print that out, frame it and hang it on their office wall.
With a growing number of employees and executives going mobile, CIOs need to devote serious attention to the security of their mobile communications. Today workers up and down the corporate ladder are sending and receiving sensitive information via call, text, email, instant message and social media.
There is a lot of enterprise data out in the airwaves and, once it’s out there, it can be stolen, in a lot of different ways. Hackers set up their own free public Wi- Fi hotspots and grab information from any mobile devices that connect. The recently revealed Snoopy drone can hover above city streets and access all the Internet activity of the devices below.
Whether it’s corporate spies, identity thieves or state actors in North Korea, there is a significant chance that someone is eavesdropping—and hearing what they want to hear. Voice calls are susceptible to any number of eavesdropping methods.
And text messages are equally vulnerable. Any hacker can see a text with a little effort. Recent analysis by the Electronic Frontier Foundation found that only six out of 39 commercial messaging applications—including iMessage, Facebook Chat, Face time, Snap Chat, Skype and Yahoo Messenger—have the features needed to guarantee the security of communications sent over the Internet.
Whether it’s corporate spies, identity thieves or state actors in North Korea, there is a significant chance that someone is listening in.
This, obviously, is a problem. Luckily, there is a solution: encryption. And a lot of companies are taking it up. The market for security software used in mobile devices will reach $2.9 billion by 2017, according to a report by market-research firm Informatics.
This, in turn, is spurring innovation. One startup with an intriguing solution to mobile hacking is Silent Circle. It has developed a self-contained mobile ecosystem that ensures privacy, control and security for mobile communications. Silent Circle’s Black phone offers fully encrypted voice, text and video calls, as well as a virtual private network that anonymizes web surfing, all of it built on a custom version of Android.
Other startups are taking different approaches. Wickr is an encrypted instant messaging application that features message destruction capability. Open Whisper Systems has developed an end-to-end encryption solution for private messaging and private calling. Cryptocat is an encrypted chat program.
“Security is an illusion, especially now that corporate data exists everywhere”
These solutions are quickly finding takers. More than 30 of the Fortune Global 50 companies use Silent Circle Black phones to secure their communications and enable mobile productivity. Politicians, executives, journalists, human rights activists and others use Wickr around the world.
The anecdotal evidence also shows demand for encryption. We talked recently to a Fortune 50 company that does a lot of international business and does not want potential customers listening in on its pricing discussions. We know a lot of executives who take no devices whatsoever when they travel to China, for fear of being hacked. Certainly they would welcome an encryption solution.
There is growing awareness that the interpersonal communications we’ve long assumed to be private are not in fact private. That’s why companies are taking action. According to a recent report from Dell, the amount of encrypted traffic through corporate firewalls has doubled over the past year and now accounts for 60 percent of all communications.
There are still hurdles to the growth of encryption. Legacy systems often make encryption difficult and upgrading or replacing them involves significant cost. Yes, the cost of a data breach is also significant but organizations that have yet to suffer one see a breach as a potential cost. An upgrade to the company’s entire IT ecosystem is immediate and large.
Still, smart companies are moving forward with encryption. They realize that communication, as we know it is simply not safe anymore. Security is an illusion, especially now that corporate data exists everywhere. It lives in the cloud, it’s shared on countless social media sites, and it travels with us on our smartphones and tablets.
The Sony hack was perhaps the clearest demonstration yet of the consequences of mobile communications being compromised. It certainly grabbed the most headlines. And if your company—and your executive team— would prefer to avoid those sorts of headlines, you had better take a long hard look at mobile encryption. Amy Pascal certainly wishes she had.