Sensitive information discussed as often on mobile phones as in email, yet less than one in five companies protect themselves adequately
London, 3rd December 2009: A survey released today, conducted amongst 250 senior executives in the United States by ABI Research (www.abiresearch.com), on behalf of Cellcrypt (www.cellcrypt.com), reveals that the majority of large and medium businesses are failing to adequately protect themselves against the growing threat of mobile voice call interception; leaving them vulnerable to loss of sensitive and confidential corporate information.
Businesses clearly recognise the threat of cell phone interception: three-quarters of the surveyed corporations have a security policy covering cell phone calling and four out of five IT professionals surveyed believe that cell phones are equally or more vulnerable to interception than email.
Yet, the research shows that while mobile phones and email are both used routinely to communicate confidential information – with 79% of organisations that discuss sensitive or confidential information over mobile doing so at least weekly and 51% daily – only 18% have explicit mobile voice call security solutions in place.
Research has shown that data loss can have a major impact on market capitalisation, reducing it by as much as 5-10%(1), as well as resulting in lawsuits for senior executives, severely damaging their reputation.
The growing problem was highlighted in August, when German hackers announced a project to create a code table that cracks the encryption of GSM mobile calls, used in 80% of the world’s cell phone calls. This codebook is planned to be freely available within the next 6 months, and significantly lowers the bar for everyday hackers to crack GSM calls using only a high-end laptop.
One alarming fact emerging from the survey was that 55% of respondents in IT roles thought that their organisation had implemented mobile voice call encryption solutions but on further investigation only 18% had actually done so.
“Effective email security has become routine but our research shows most businesses do not apply anything like the same level of robust security to cell phone calls. Companies that do not respond are exposing themselves to attack,” said Stan Schatt Vice President and Practice Director, Healthcare and Security, ABI Research.
“Equally concerning is that a significant number of people who identified themselves as being responsible for cell phone voice call security incorrectly believe the organisations’ mobile calls have been protected when they have not. This perception that they are protected when in reality they are not suggests a serious hole in the information security of many businesses. It is important that companies take urgent steps to review their measures for countering this growing corporate risk area,” Schatt continued.
“In light of this summer’s news that a GSM cracking codebook will be made widely and freely available very soon – possibly before the New Year – and sub-$1000 interception equipment being available soon after, this lack of security is particularly worrying,” says Simon Bransfield-Garth, CEO of Cellcrypt.
“Businesses must plan now for the eventuality that their mobile voice calls will come under increasing attack within the next 6 months. A ‘policy of hope’ towards mobile phone security is not adequate, voice is another data service and should be afforded the same security considerations as email and other corporate communications,” continued Bransfield-Garth.
Security of mobile voice calls is not limited to interception of radio waves between a cell phone and a base station mast: interception risks occur at various segments along a call path which may involve multiple network operators in a variety of countries each having a different level of security measures and risks.
(1) Templeton College, Oxford University
# Ends #
− 75% of the businesses surveyed discuss sensitive or confidential information via cell phones and 81% do so via email
− Of that 75%, 79% of businesses do so at least weekly, 51% do so daily
− Of the businesses sampled, 82% have a high level of concern about the security of email and 69% about cell phone security
− 41% of the individuals surveyed think mobile phones are more vulnerable to interception than email and 39% think they are equally as vulnerable to interception as email
− 74% of businesses discuss financially sensitive information on cell phones and of those 77% believe that if this were intercepted it would have a major impact
− 55% of respondents thought that their organisation had implemented mobile voice call encryption solutions but on further investigation only 18% had actually done so
Notes to Editors
A primary survey was conducted by ABI Research on behalf of Cellcrypt on August 4-6, 2009 with two follow-up surveys conducted October 14-15 and November 10-12, 2009
– The sample size was 250
– The participation requirements were:
o Work for organisations that employ 100+ people
o Work for organisations whose employees use mobile phones for business purposes
o Work in IT, Telecom, Corporate Management, or Line of Business Management
o Very or extremely knowledgeable about the use of mobile phones by employees and members of management in their organisation
– All participants were based in the US
– The term ‘large business’ denotes any company with over 1,000 employees
Cellcrypt is the leading provider of technology to secure mobile voice calls on everyday smartphones. Founded in 2005, Cellcrypt’s R&D innovation resulted in Encrypted Mobile Content Protocol (EMCP), an Internet Protocol (IP) based technology that optimises delivery of encrypted data between mobile devices over wireless networks.
Cellcrypt’s products are compliant with the FIPS 140-2 standard administered by the US National Institute of Standards and Technology (NIST), operate over data-enabled networks including 2G (GPRS/EDGE), 3G (HSPA, CDMA/EV-DO) and Wi-Fi®, and are optimised to run on Nokia® Symbian and BlackBerry® smartphones. Cellcrypt is a BlackBerry Alliance Partner and Inmarsat Connect Partner.
Today, Cellcrypt solutions are used routinely by governments, enterprises and senior-level executives worldwide. Cellcrypt is a privately-held, venture-backed company with headquarters in London, UK and offices in USA and Middle East.
For more information please visit: www.cellcrypt.com
Caroline Tarbett, Joshua PR
Tel: +44 (0) 7914 014145
John Sacke, Sacke & Associates Inc.
Tel: +1 416.493.5723