assurance for the mobile user: mobile device security

Assurance for the Mobile User:Mobile Device Security

Symantec Mobile Enterprise Security

2

Agenda

Who are we?

Evolving Device Security Market

Call To Action

1

2

3

Market for Device Security


4

Consumers Grow Sophisticated as the World Converges..

Mobile Content, Services, Providers all Converging …

Emergence of the “Prosumer”

Mobile Content, Services, Providers all Converging …

Emergence of the “Prosumer”

• Better Devices– 100 Million Symbian Smart

Phones shipped to-date

– High penetration in matured markets & youth segments in emerging markets

– IMS Services Enabled Devices

• Richer Content– Open Standards Push eMail

– 38.2% CAGR grow in Mobile eMail

– Richer Content on Devices

– Better cameras, more storage

• Richer Services– M-Commerce Resurgence

– Content to Blog sites


5

The Smart Phone Security “Perfect Storm”

Outdated Thinking: 75% of companies have not addressed smart phone security*(60% cite security as biggest mobility obstacle*)

IT is Organizing:Ad hoc deployment giving way to centralized policies that include all endpoints (Server, PC, Laptop and Mobile)

Mobile/wireless IT spending likely to exceed IT budget growth in many organizations: 12.5% avg. growth rate (Source: Gartner)

Increasing Mobile Device Threats: Mobile virus variants have doubled every 6 months since 2004 (235 mobile virus variants in H1’06)(Source: Symantec Security Response)

Enterprise Faith: 80% of companies are allowing corporate data on devices, yet continue to not secure the data*

Fastest Growing Device Segment: Smart phone growth = 77%Other mobiles = 27%Mobiles out ship PC’s 5:1 in 2006(Source: Canalys for H1’05 to H1’06, IDC & Gartner)

* Q1 2006 Symantec survey conducted by Economist Intelligence Unit


6

Global Survey on Enterprise Attitudes Toward Mobile Device Security• OBJECTIVES

– To explore corporate attitudes regarding enterprise mobile device security

– Survey done against 248 companies headquartered in North America , Western Europe, and Asia Pacific

• RESULTS– 60% said security biggest obstacle– Only 9% addressed security issues– 88% of companies deals with security on an ad-hoc basis or do not

address it at all – 25% of senior management fully understands the risks of mobile

computing in North America, compared with 30% in Western Europe and 37% in Asia Pacific.

– 4 out of 5 companies surveyed view the risk of mobile data services the same or greater than wired data risks.

Source : Economist Intelligence Unit


7

Global Survey on Enterprise Attitudes Toward Mobile Device Security

• NOTABLE DATA– Reasons for companies permitting mobile access

• Improve employee productivity - 73%,

• to enable increased business flexibility - 46%, and

• increase responsiveness to customers - 33%.

• POLICIES ON STORAGE OF CORPORATE DATA– While 21% of North American companies allow storage of corporate

data on employee-owned mobile devices and leave security to employees, only 13% of companies in other global regions do the same.

– Only 53% of North American companies limit storage of corporate data to company-owned mobile devices; 64% of companies outside North America allow storage of corporate data only on company-owned devices.

Source : Economist Intelligence Unit


8

New Symbian Threats by Month

0

5

10

15

20

25

30

35

Jun-

04

Jul-0

4

Aug

-04

Sep

-04

Oct

-04

Nov

-04

Dec

-04

Jan-

05

Feb

-05

Mar

-05

Apr

-05

May

-05

Jun-

05

Jul-0

5

Aug

-05

Sep

-05

Oct

-05

Nov

-05

Dec

-05

Jan-

06

Feb

-06

Mar

-06

Apr

-06

May

-06

Jun-

06

Jul-0

6

Month

Nu

mb

er o

f N

ew T

reat

s

Threats

Cabir released

Skulls[A-B] releasedCabir.B Released

Cabir Source Code released18 Variants in 1 Month Commwarrior[A-B], Dampig, Drever[A-C], Skulls[E-H] released

Doomboot[A-C], Skulls[K-L], Cabir.U released

First Symbian SpywareReleased.

Threat Landscape:Wireless Threats Continue to Proliferate

• Symantec Response has already identified over 30 vulnerabilities on the Windows Mobile 5 OS. Threats for Windows Mobile are likely to follow a similar evolution pattern as Symbian and PC threats.


9

• Increasing amount of personal content on mobiles

– Highly personal pictures, videos e.g. lost mobile content in HK sold for profit

• Attacks now for Financial Gain… not Notoriety

– 30 of the top 50 threats exposed user confidential data (source Symantec ISTR X http://www.symantec.com/enterprise/threatreport/index.jsp)

• Premium SMS attacks can drain user accounts

– RedBrowser.A and Webser released in February 2006

– No predictive fraud detection methods in many mobile payment mechanism similar ass offered by Visa and MasterCard

• Devices increasingly becoming payment instruments

– Pay-with-a-wave in Japan, UK… add financial risk to mobile

New Platform, New Risks: Pranking4Profit

Mobiles are becoming digital wallets and identities

but Mobile payment fraud methods are comparatively immature

Mobiles are becoming digital wallets and identities

but Mobile payment fraud methods are comparatively immature


10

• People are the Perimeter: Mobile blurs the distinction between Employee and Consumer, between user and network

– If a mobile phone is always with you… it is always a risk• 70% use their mobile phones as alarm clocks (source ICM Research)

– Snoopware: Mobile spyware exploits the telephony apps… not eMail

• Consult the calendar to determine the best times to snoop

• Remotely activate the microphone to eavesdrop on conversations or spy via pictures and video

• Examples: FlexiSpy and iCam (available April 2006)

New Platform, New Risks: Snoopware… an Invasion of Privacy

Snoopware puts a Stranger in your Bedroom and a Competitor in your Boardroom

Snoopware puts a Stranger in your Bedroom and a Competitor in your Boardroom


11

• Loss/Theft/Damage of a mobile device far more likely than PCs

– Phones lost 15X more frequently than PC’s by some estimates

– In the UK, 20,000 devices are lost or stolen in the UK each month and one third of all robberies now solely involve mobile phones (Sources: ARC & UK Gov’t Stats)

• Loss Mitigation: Flexible defense to match the risk

– Anti-Virus, Remote wipe and kill, Data Encryption, File Activity Log

• AV prevents undetected loss of data

• Activity Log = peace-of-mind & a regulatory compliance option without the overhead of encryption

– Future of Loss Mitigation: Data Backup and Recovery

• Data tagged as personal or business, encrypted on the phone, sent over-the-air and targeted at either the work or home PC for back-up

New platform, New risks: Mobile Loss Mitigation

Lost phones hurt everyone: Users, Employers and Operators


12

Call to Action

Managed Anti-Virus

Prevent virus & malware

outbreaks

Anti-SPAMeMail SPAM prevention

Secure User Identities

Prevention of identity theft

IM Threat Protection

SPAM prevention on

IM

Managed Apps Back Up & StorageProtecting

business critical information

Managed Web Content

Prevent attacks on corporate

web sites

Mobile Device ProtectionAnti-Virus &

Firewall

Managed Anti-Virus

Prevent virus & malware

outbreaks

Anti-SPAMeMail SPAM prevention

assurance for the mobile user: mobile device security

Documents

mobile devices

mobile user

mobile phones

windows mobile

mobile blurs

mobile access

mobile mobilewireless

mobile device security