Robert Dyer is Vice President heading the Latin American (LTAM) region at McAfee. Dyer leads all sales and business operations for the region. Since 1997, Dyer has been essential to McAfee’s continued growth in the Latin American region. Dyer is an 18-year veteran of the technology industry. During his tenure at McAfee, Dyer has served in sales leadership functions ranging from sales and distribution manager to Director of Sales for the Caribbean, Central America, South America, and Mexico. He is responsible for the development of a two-tiered channel model which has been instrumental to the exceptional growth of McAfee in the region. McAfee has also significantly expanded its participation in Latin America's Consumer segment under Dyer's leadership. He is a graduate of the school of Business Administration at the University of Miami.
José Roberto de Oliveira Antunes is a Systems Engineering manager. He joined the company in July 2003, working since then as the manager of the Systems Engineering team. Holding a BSc in Computer Science from Universidade Paulista (UNIP), he has worked in the information security for over ten years as a systems engineer, and gained experience working with leading vendors in industry. He has specialised and obtained certifications in specific areas, namely TCP-IP and Cisco from Global Knowledge, SANS Security Essentials and CompTia, among other entities.
This article reflects on McAfee’s detailed survey of corporate usage of mobile devices. Current trend of ‘consumerisation’ is blurring business and personal usage of mobile devices, which increases risks to data confidentiality and adds to the vulnerability to cyber-attacks. In particular, Brazil and Mexico are cited for their poor capability to withstand cyber-crime. User behaviour is much to blame too, with one in three employees being unaware of existing corporate policies and basic security precautions. With less than two per cent of the device price, appropriate security systems can be in place, avoiding the high impact of lost or stolen devices that may contain compromising personal and corporate data.
Fiction turned into reality. Mobility is so pervasive in our lives that it is almost impossible today to imagine how we could keep our personal and business appointments without it. Since the dawn of civilisation, Neanderthals recorded in caves drawings of their daily routine. In the twentieth century, stockbrokers at Wall Street needed to keep in touch – both inside and outside the trading floor – and developed early mechanisms for the creation of cell phones. In other words, the need to communicate drives us to create new ways and means.
McAfee Labs and Research Center forecasts for this year an increase in threats to mobile devices, social media and PCs, as cyber-criminals are focusing on finding new attack methods and consequently causing damage to users. Thousands of owners of new devices will be easy targets if they fail to take proactive measures to ensure their safety.
Given this scenario, with the growing threats targeting cell phones and other mobile devices, it is important that users deploy security measures, such as not keeping personal passwords in a single device, and not storing unprotected financial information, like credit card numbers and bank account, on mobile phones. It is essential that consumers adopt best practices when using PCs and all mobile devices connected to the Internet.
Investing in security could cost much less than people think. The cost of securing a device accounts for less than two per cent of the device price. However, choosing a security system should be carefully considered. The market offers solutions that should be reviewed with caution, because this system should address the entire lifecycle of the devices. Users have specific needs that require certain applications, and now IT departments begin to wonder how to manage these requirements. It is important to ask what the user wants and what the company needs, and only then define and establish policies and rules on how these solutions are to be managed.
A recent survey conducted by McAfee, titled “Mobility and Security: Dazzling Opportunities, Profound Challenges,” indicates that risky behaviour and inefficient security procedures are commonplace in mobile security. Although an increasing number of consumers use mobile devices for business and personal activities, a large portion of them is unaware of the corporate policy regarding the use of these devices.
According to this survey, Mexico and Brazil are two of the most vulnerable countries in Latin America, with serious concerns regarding their ability to respond to all forms of cyber incidents. Three quarters of the survey respondents in Brazil and more than half of the respondents in Mexico identified China or Russia as the key sources of cyber threats.
With the increasing consumerisation of IT, more than half – about 63 per cent - of the workforce uses corporate devices for personal activities as well. This illustrates some of the challenges faced by companies today. Although the majority of the companies – 95 per cent – have security policies and standards in place, they remain unprotected, since few employees are fully aware of the corporate mobile security policies. Technologies like iPhones, iPads, Androids, among others, will soon be widespread across many major companies, as evidenced by the ‘Fortune 100’ ranking, where 65 per cent of the listed companies use iPads already or run pilot projects for their business.
Mobile devices for business and personal use
The analysis also indicates that half of the respondent companies are confident about the use of mobile devices: 31 per cent are very confident, and 18 per cent are extremely confident. The survey, which included seven countries, shows that, in India, 13 per cent of the respondents said their primary device is a desktop PC, while 56 per cent use laptops and 16 per cent use smartphones as their primary devices. In the UK, 64 per cent of the respondents use laptops as their primary computing device. This data show that the proliferation of mobile devices grows both in developed nations and emerging economies.
In the virtual threats environment, we notice that cybercriminals are shifting their targets: they have intensified actions targeted at mobile devices. This is the key finding of the 2011 threat forecast report issued by McAfee. The risks of unauthorised access to confidential information are present not only in the virtual environment. Attacks have also occurred on devices pen drives, USB devices, CDs and DVDs, and other removable media. The most recent example of a USB-based attack is Wikileaks, a world-famous website, known for disclosing leaked confidential information.
Ninety-five per cent of corporations have specific security policies in place for mobile devices; however, less than one in three employees is aware of the standards in place at their companies. Most mobile devices are used for e-mailing (93 per cent), followed by contact management (77 per cent) and calendaring (72 per cent). In fact, there is a wide gap between the standards related to these new devices and the employee awareness. Therefore, the conclusion of IT experts and professionals is that devising an effective security policy is a challenging task.
Awareness of the corporate data security and protection for mobile devices
Allowing users to access application stores from mobile devices
Another issue that concerns businesses is devices loss and theft. Four out of ten surveyed organisations have had their mobile devices lost or stolen. These devices are more vulnerable to theft or loss, but mobile communication enables security mechanisms with device tracking. Failing to adopt an appropriate security mechanism has its financial impact: almost one third of the surveyed companies said they had suffered losses, and two thirds of those have increased their security post-incident.
Types of data in lost or stolen mobile devices
According to this survey, nearly half of the respondents keep sensitive data in their mobile devices; one-third of employees make use of the same device for both business and personal activities. On average, users use four different types of mobile devices: Laptops are ranked top (72 per cent); smartphones lag slightly behind (48 per cent); then come removable media (46 per cent); finally, external hard drives (33 per cent).
Researchers and experts highlight three important factors that lead to deficient management of mobile solutions:
- lack of awareness regarding the corporate security policies
- the use of personal devices for business purposes as distinctions between professional and leisure use is blurred
- low investments in security solutions, which, as non-core business expenditure, could be regarded as an unnecessary cost.
Although the need to reduce risks and threats to mobile security is well known, less than half of users back up more frequently than once a week data stored on their mobile devices. Approximately half of users store passwords, PIN numbers or credit card details in the mobile devices. One in every three users stores confidential business-related information in mobile devices.
In the current scenario, there is no way of controlling such widespread mobility risks. In large organisations, entertainment during work hours is a common issue: one in five companies allows the use of any platform in the corporate environment; 49 per cent of companies allow employees to purchase their own mobile devices. Almost two thirds of employees access the corporate network for both business and personal purposes.
Various smartphone environments
Given these alarming statistics, it is important that organisations begin to prioritise security measures as well as enhance their employees’ awareness regarding security policies. This does not mean refraining from enjoying technology benefits, but rather knowing how to separate usage of devices for professional and personal use, and keeping in mind – in both situations – the required security precautions. Data loss is a big issue for consumers and businesses alike. Consumers need tools to protect personal information, while businesses require a way to protect their intellectual property.
IT consumerisation is here to stay, so it is essential to break old patterns and paradigms and invest in new technologies to overcome the challenges associated with today's mobile devices that tend to merge business and personal life. It is important to keep the corporate network secure and control the full lifecycle of employees’ mobile devices. When organisations have established criteria for security, connectivity and integration, they’ll benefit from increased productivity, an improved operating performance and, consequently, revenue growth.