New research on voice call interception

by Rodolfo on February 5, 2010


ABI Research released the results of a new survey. The gist of it is that less than a fifth of companies use voice encryption solutions to protect their sensitive information [1].

The good news, obviously, is that around 18% do protect their financial, legal and R&D info. John Pescatore, security analyst at Gartner, previously remarked “that 18% is a bit [to the] right, but in the ballpark” [2].

The survey, conducted amongst 250 senior executives in both medium and large organizations, showed that despite regularly discussing financial information (78%), employee data (66%), as well as IP (51%) and commercial secrets (50%), the majority of these conversations are unprotected, even though over 80% of respondents believe mobile phones to be as vulnerable, if not more so, than e-mail communications if leaked. Of those who admitted to regularly discussing sensitive information, 80% believed, if leaked, this information would have a major impact on the organisation.

Read the full press release.

[1] Disclaimer: the ABI Research survey was funded by Cellcrypt.
[2] Huge caveat: his remark is taken wildly out of context and he did not read the ABI report, so please read John’s original post in full on his blog before quoting him anywhere.


Femtocells can be rooted too!

by Rodolfo on February 2, 2010

TrustWave just published some research on Femtocells (GSM base stations for enterprise sites) and found that those can be compromised, The Register reports.

After “hours of sniffing traffic, changing IP address ranges, guessing passwords and investigating hardware pinouts,” they “obtained root access on these Linux-based cellular-based devices”.

Femtocells and Picocells are equally vulnerable, and there are doubts about how much valuable information could be gained by hacking into these devices. However, it is important to note that more attacks are coming this way. This is mostly due to the fact that the devices are relatively new on the market and hackers are only now getting hands-on experience.


BlackBerry Security Guide

by Rodolfo on February 1, 2010

Concerned about BlackBerry security? Then you should read Attack Surface Analysis of BlackBerry Devices.

This guide was published by Symantec in 2007, so while some of the details might be out of date, the overall guide is very interesting. It covers all the security aspects of the device, and even if you are only concerned about, say, phone snoopers or losing your device, with over 30 pages there is a lot of good advice there.

Download Attack Surface Analysis of Blackberry Devices (PDF)


How to secure mobile calls webinar Feb 24

by Rodolfo on January 29, 2010

Dr Larry Ponemon (from the Ponemon Institute) is hosting a webcast on cell phone call vulnerabilities with Cellcrypt and other leading industry experts.

Larry is best known for the annual reports on the Cost of Data Breach, and he is now looking at the vulnerabilities in the cellular networks as well.

You can register for the event here; the webcast is on February 24th 2010 @ 1100 EST.

Below is the full press release:

On December 27th, 2009 researchers announced the codebook that unscrambles GSM calls – used in 80% of cell phones – had been computed and published on the web. Free for any criminal to use, this lowers the cost of cell phone eavesdropping below $10,000.

But recent research shows that while four out of five IT executives think mobile phones are equally/more vulnerable than email, less than 20% of businesses have adequate mobile voice protection in place and regularly discuss sensitive and confidential information on cell phones. This poses a corporate threat to commercial secrets, executive safety, data record breaches and financial transaction confidentiality.

Hosted by Dr. Larry Ponemon, this webinar assembles a panel of experts to discuss the key issues of the GSM Cracking threat, the wider implications of cell phone interception and how to cost-effectively implement adequate protection.

In just one hour, you will be fully briefed on the facts and armed with the right information to act.


In a survey published yesterday, Gartner revealed the top 10 business and technology priorities for 2010.

Besides the obvious “Business process improvement” (as opposed to recommending deterioration in business processes?) there are some very good indicators of which strategic areas CIOs and boards should focus on.

Virtualization and Cloud computing on top, and increased use of information/analytics, all point toward the “real-time” enterprise.

What is relevant to BlackBerry users is the focus on mobile, security and voice communications, which address the need for improving enterprise workforce effectiveness. The need for secure voice communications wherever you are is here to stay, and it has to align to the corporate platform as opposed to just being an external appendage managed by the telco with no accountability.


Overall a fascinating read, and hopefully most large corporates will move in that direction. It has been 10 years since the Cluetrain Manifesto came out (already!) but the concept of markets as conversations still is not widely implemented across the board. Of course, for communications, IP and security are core tenets that need to be in place before anything else can happen.

Read more: Gartner Top 10 Business and Technology Priorities in 2010


3G encryption broken

January 12, 2010

Last month at a conference in Japan a group of Israeli mathematicians led by Adi Shamir announced that they had found a way to crack A5/3, the encryption algorithm used to protect the privacy of 3G calls.
Today the same group released the details of the attack, and it’s pretty amazing. Turns out that during the [...]

Read the full article →

RSA keys cracked, again

January 11, 2010

Last week an international team of researchers broke the 768-bit RSA key using several hundred computers, The Register reports.
It’s interesting news but has little practical value; however, the part of the article everyone should read is:
More importantly, it means it’s only a matter of another decade or so – sooner assuming there’s some sort of [...]

Read the full article →

GSM cracking news roundup

January 4, 2010

Over the last week most of the media across the world covered the cracking of A5/1, the algorithm responsible for the privacy of GSM voice calls. The announcement happened at the Chaos Communication Congress in Berlin on the 27th of December.
I have collected the best coverage; links below:
New York Times “Cellphone Encryption Code Is Divulged”
Financial Times [...]

Read the full article →

GSM Cracking, few inaccuracies and omissions

December 29, 2009

The New York Times broke the story of the A5/1 cracking (A5/1 being the encryption algorithm that protects the privacy of your GSM calls) last night, prompting a media frenzy.
The story goes like this: since 1994 researchers have warned that A5/1, developed in the late ’80s, was inadequate and could be cracked easily. The GSM [...]

Read the full article →

Intercepting drones and GSM calls in Iraq and Afghanistan

December 22, 2009

Everything you transmit will be used against you
Last week news broke that late last year a laptop seized from an Iraqi insurgent contained video intercepted from US drones. Then in July, the Wall Street Journal reported that more laptops with feeds were discovered, confirming that militants were tapping into the live video feed from [...]

Read the full article →