More malware is making its way on to mobile devices, while the cost and impact of managing mobile security is increasing.
New research from McAfee reveals that mobile device manufacturers are not only experiencing more mobile security issues than ever before but are also spending more time and money on recovering from security incidents.
In its third annual report into the mobile ecosystem, McAfee explores manufacturers' security experiences, their concerns and priorities and their approaches to the major future security challenges. The findings indicate that security is proving a barrier to service innovation and the development of new business models.
Key findings from the McAfee Mobile Security Report 2009 include:
* Half of all global manufacturers reported mobile malware infections, voice and spam attacks, third party application problems or incidents that caused network capacity issues;
* Almost half (48%) of manufacturers agreed that the cost related to patching and fixing affected devices had significantly impacted their business;
* Concern over the security of mobile device functions is high; 81% of manufacturers are worried about mobile payments; 69% are not convinced by the safety of installing applications and 66% are concerned about devices' WiFi and Bluetooth connectivity; and
* Three-quarters (75%) agree that carriers and manufacturers should carry the cost of security and only 12% think that users should be involved with handling security measures.
Despite manufacturers' attempts to lock down security, evidence shows that security issues are growing in diversity and sophistication.
Overall, there has been a dramatic upswing in the number of incidents across all the major threat categories – including exploits that affected manufacturers' device functionality, users' privacy and even network or service capacity – in many cases by more than double over the last year.
More than 40% of manufacturers also reported that they had experienced security threats across the complete range of the most common mobile security threats.
Supported by almost all mobile devices, voice or text spam attacks have hit the greatest number of devices (in 2008 incidents affecting more than 1-million devices were reported by 17% of manufacturers), but there has also been aconsiderable rise in the number of issues with third party applications and content with prematurely released applications causing severe network capacity issues or crashing and locking devices altogether.
Recent experiences have demonstrated how costly and complex security issues can be for manufacturers, not only in terms of immediate bottom line but also in relation to the longer term hit to reputation.
Almost half (48%) of manufacturers highlighted that patching and fixing devices is an expensive business, 36% stated that security incidents have had a negative impact on their brand or public relations and almost a third again (32%) said that security problems have prompted a significant loss in credibility or user satisfaction. In parallel, as security issues continue to grow, so too do concerns surrounding the development of new services and functionality predicted to generate future revenue streams.
As such, more than 70% of manufacturers agree that addressing mobile security is critical as they look to the future and are taking control of device protection measures. Three-quarters believe that the cost of security should be borne by carrier/service providers (44%) and by manufacturers (31%) rather than by the user and more than two thirds of mobile manufacturing companies (69%) believe that device integrated security is the most effective and efficient way to protect devices.
"Attempts to make the mobile ecosystem more open have shown early signs of success yet attacks on mobile networks and devices continue to grow in both complexity and sophistication. This elevates concerns surrounding the security for both existing and emerging services," says Victor Kouznetsov, senior vice-president of McAfee Mobile Security. "Hence it is encouraging to see that mobile manufacturers are looking to regain control of providing security functionality to safeguard their users."