The new survey looks at the threats to business from the ubiquitous increase in the use of mobile devices, and the opportunities emerging as a result.
The widespread adoption of mobile services, coupled with the frequent nature of information security incidents, has focused the attention of both consumers and corporate users on the potential risk that mobile poses to their privacy and security. Mobile users want to ensure that their privacy is maintained. 62 percent of consumers are concerned about identity theft.
The total annual cost to the global economy from consumer cybercrime is estimated at more than $110 billion; in Russia, the cost is put at $1 billion (the same as in Russia and Australia; in Europe it is $13 billion, and in the USA $38 billion). However, it is Russia that, proportionately, has the most cybercrime victims (85 percent), followed by China (77 percent) and South Africa (73 percent).
As well as personal data, such as contacts, bank card numbers, email addresses, photographs, and so on, the mobile devices that have become part of the IT infrastructure at companies also contain important corporate information giving access to data on the company's networks. More and more organisations are allowing their employees to use their own device to work with company data and programs (BYOD – Bring your own device). AT&T, for example, has already seen its wireless data traffic grow an astounding 20,000 percent between 2007 and 2012, driven primarily by the use of smartphones.
In the 12 months prior to a recent survey by Kaspersky Lab (2,895 interviews, including 356 with IT professionals in Russia), more than 90 percent of the companies covered had had at least one external IT security incident. 65 percent of those surveyed saw a threat in the Bring Your Own Device policy. Russian companies (57 percent) are the least concerned by this issue (compared to 93 percent in Japan).
By installing mobile apps without taking security measures, accepting licence agreement terms without reading them, clicking links from people they don't know or on social networks, and scanning QR codes in lifts, in magazines, on websites and from other sources, people create a threat to the data to which they have remote access through the device. Clearly, businesses need to tackle the problems that are emerging with the ubiquitous increase in the use of mobile devices. Organisations need to develop and implement policies strict enough to reduce the risk of data leakage. They need to introduce security functions for mobile devices, including mandatory protection using passwords and remote wipe, enabling confidential information to be deleted in case the device is lost or stolen. In 2012, just 14 percent of the companies surveyed had such a detailed security policy for the use of mobile devices within the corporate network. 20 percent of the Russian respondents said that their company had no IT security policy at all, 46 percent said that their company, but the time and budget available was insufficient, and 34 percent said that their company had a detailed policy.
"It must be said that IT security in Russia leaves much to be desired. There are, at minimum, two reasons for this: the lack of decent training for information security professionals, and the low level of information security culture and awareness among users and business as a whole. In a number of cases, the attitude to information security has more to do with box-ticking than a deep understanding of the matter," said Yerkozha Akylbek, Head of Communications & Media at KPMG in Russia and the CIS.
Many users do not even think that their company has rules on mobile device use: 36 percent say their company has no policy on use of mobile devices for work. 49 percent of respondents access or send personal emails through their work device, and 24 percent save both work and personal documents to the same online file storage account.
Demand for IT security services may create a "hothouse" for technology innovation. To survive in the longer term, operators will need to offer smart services built on top of their data traffic. These might include personal fraud watch and management, and consumer app risk management (such as telling consumers whether an app would leak their personal data to third parties). Other services could include personal identity, profile and password management. Operators might offer their corporate clients services including traffic analysis and detection of data leakage, harmful software, hacking and inherent security threats. In addition, telecoms operators can work with IT companies to offer clients secure IT infrastructure development services, allowing them to perform network-based work and transfer corporate data without worrying about its security.
According to the KPMG survey, IT decision makers in North America and Europe identified the following specific measures that might reduce the risks of mobile device use for work: remote lock and remote wipe in case the device is lost or stolen (83 percent); encryption capabilities for data on the device (76 percent); and encrypted email sessions, encrypted traffic for specific apps, or mobile VPN (71 percent).