Cybersecurity in the Age of Mobility:
Building a Mobile Infrastructure that Promotes Productivity




An Economist Intelligence Unit
research program sponsored by
Booz Allen Hamilton
List of Interviewees

Chua Kim Chuan, Director, Identity & Security Services, Information Systems Division, MOH Holdings Pte Ltd., Singapore
Tom Downey, Director of Excise and Licensing of the City of Denver, Colorado, USA
Keith Gordon, SVP, Security, Fraud and Enrollment Executive at Bank of America for online and mobile channels, USA
Andrew McIntyre, CEO, Medical-Objects Pty Ltd, Australia
Patty Mechael, Executive Director, mHealth Alliance, USA
Mark Olson, CISO, Beth Israel and Harvard Medical School, USA
Neil Robinson, Senior Analyst, RAND Europe
Rajesh Yohannan, Regional Head of e-Business, Citibank Asia

About the Survey

In August 2011, the Economist Intelligence Unit conducted a global survey, sponsored by Booz Allen Hamilton, of 340 executives to assess attitudes toward cybersecurity in the age of mobility. About one-half (51 percent) of survey respondents are board members or C-level executives, including 74 CEOs. The respondents are based in North America (31 percent), Western Europe (29 percent), Asia-Pacific (27 percent), Middle East and Africa (6 percent), Latin America (5 percent), and Eastern Europe (3 percent). More than one-half of the survey respondents (55 percent) work for companies with global annual revenues exceeding US$500 million. Nineteen different industries are represented in the survey sample, including financial services (21 percent); healthcare, pharmaceuticals, and biotechnology (13 percent); professional services (9 percent); transportation, travel, and tourism (9 percent); IT and technology (7 percent); and manufacturing (7 percent).

Contents

Executive Summary
Introduction
The Benefits of Mobility
Mobility Hazards and their Remedies
Loss of Mobile Devices
Vulnerability from Downloads
Sidebar: Financial Services: Pushing the Envelope
Inefficient Back-up Procedures
Responding to Mobile Security Challenges
Proper Back-up Procedures
Network Security and Remote Access
Developing Company Policies and Leadership
Sidebar: Healthcare: Meeting Opportunities as Well as Threats
Conclusion
About Booz Allen
About Economist Intelligence Unit




                                                                                                                   Cybersecurity in the Age of Mobility 1
Executive Summary

• The ascendancy of mobile computing offers companies enormous opportunities to improve productivity, while presenting them with a series of new security challenges. The ubiquity of mobile devices encourages more people to take care of routine matters via simpler online apps. It also has the potential to make structural enhancements in productivity. But to capitalize on these benefits, companies will have to tackle a host of challenging new security issues.

• The rapid rise of mobile devices has led to a corresponding rise in mobile cyber threats. Mobile devices are more likely to be lost through theft, accident, and negligence. The “app store” culture of mobile devices leads to promiscuous downloads of risky software by end-users. Mobile devices are likely to be connected through unsecured and even hostile “Wi-Fi” network access points. And mobile devices are more likely to be treated by the end-user as personal property not subject to the usual security practices of the organization.

• The move to cloud computing is complicating the task. The most fundamental organizational response involves setting up frequent and easy-to-use back-up procedures for mobile devices. But organizations have incomplete and inadequate traditions for backing-up and securing data stored in mobile devices. Giving employees “anytime, anywhere” access allows them to be more productive, but that access inevitably weakens the central network’s defenses against intruders. Some organizations respond by setting up finer-grained controls over remote access.

• The most fundamental problem with mobile security is a lack of awareness. Companies should make educational efforts on mobile computing a company priority. Cyber-mobility policies need to address personal use, privacy, security of connection, and how to handle missing or stolen devices.

• IT departments need to suggest new mobile technologies to other functions to demonstrate that they want progress and can take the lead in implementation. To do so, it is important to construct explicit projects with defined targets, benefits, costs, and budgets. It is also important to set milestones of success and assess the value that security provides.




Introduction: The Magnitude of the Challenge

Mobile devices have taken the world by storm. The Economist Intelligence Unit estimates that
four billion people use mobile devices of one kind or another. Three billion are using feature phones
to call and text, but one billion are now using smartphones to access the Internet as well. The global
movement to smartphones is still in its infancy. The devices are likely to experience double-digit sales
growth for the next 5 years as the world builds out 3G wireless networks and the devices themselves
become more powerful.


The move to smartphones will have a profound qualitative impact on computing. In 2014, more people will be accessing the Internet through mobile devices than via desktops, if current trends continue. This will change the nature of the global workplace. The Internet will be much more pervasive and embedded—the computing power necessary to perform many work tasks will be always on and available almost everywhere.

The ascendancy of mobile computing offers companies enormous opportunities to improve the productivity of a company’s employees. A few companies will continue to restrict their operations to a traditional workplace. But the vast majority will have to harness cyber mobility to remain competitive. To do so, they will have to tackle a host of challenging new security issues discussed in this report.

Both opportunity and difficulty lie clearly visible. According to the global survey of senior executives conducted for this report, organizations are already moving with determination to gain an advantage. Four in 10 executives (42 percent) say their organizations have revised business strategies in the past 3 years to reap the benefits of cyber mobility. The biggest problem caused by cyber mobility, according to the same executives, is new security threats (cited by 62 percent).

Information is becoming a more central and essential organizational asset. Balance-sheet health has less to do with inventories of iron ore or shipping containers, and more to do with the knowledge held by experienced employees and digital records about prospective customers. Techniques for protecting and managing those intangible assets lag behind our needs, however. Even in the face of compliance laws including Sarbanes-Oxley, HIPAA, and PCI, massive data breaches regularly occur.

This report, written by the Economist Intelligence Unit and sponsored by Booz Allen Hamilton, explores cyber mobility and its security challenges. It details how—for a motivated and alert organization—security can be not just a problem, but also a strength.

A Definition: In this report, and in the survey conducted for this report, cyber mobility is broadly defined as “the ability to work anywhere (i.e., remotely from the office) through the use of mobile device(s), such as laptops and cell phones, and other devices that are connected to the Internet and are often used to enhance productivity.”


Figure 1: Rapidly Rising Connectivity

[Line chart titled “Mobile Cellular Subscriptions per 100 Inhabitants, 2000-2010”; vertical axis labelled “Internet users/per 100 inhabitants”, 0 to 120; horizontal axis 2000 to 2010; series: Developed, World, Developing.]

The developed/developing country classifications are based on the UN M49. See: http://www.itu.int.int/ITU-D/ict/definitions/regions/index.html

Source: ITU World Telecommunication/ICT Indicators database




Glossary of Common Mobile Security Terminology

App: Short for “application,” which is typically downloaded from an app store

Cloud Security: Security moves from “manual” protection of individual devices to the cloud, where a third-party provider is usually responsible

DLP: An acronym for Data Loss Prevention, DLP unifies protection from all hazards to data health, whether intentional or accidental, within the data center or at a remote location; DLP generalizes “back-up” and “disaster recovery”

Endpoint Security: The idea that each individual device (an endpoint) should be secured, as opposed to “centralized” or “moated” security, which emphasizes safety behind firewalls

MitMo: Short for “man in the mobile”, which is a type of malware that allows the perpetrator to monitor what the remote user does on the screen

Mobile Malware: Short for malicious software specifically designed for mobile devices, often distributed via e-mail or app stores

Phishing: An attempt to get users to click on a malicious link typically embedded in an e-mail or SMS

Security Token: Typically a small physical device through which users authenticate themselves




The Benefits of Mobility

Mobility offers many benefits to businesses but the core opportunity is enhanced staff productivity. Employees who are more connected—on the road or at home—are more efficient. In a 2011 report from the US Office of Personnel Management (OPM), 31 out of 33 federal agencies that track telework programs said they believed that enhanced productivity was the greatest benefit of mobility. “Look at the tablet technology,” says Mark Olson, CISO at Beth Israel and Harvard Medical School. “A physician can pull up specific results and tests on the iPad to show at the patient’s bedside.” In addition, he notes, physicians can review information on the go, even walking between buildings, to enhance their productivity.

The ubiquity of mobile devices provides another benefit: It also encourages more people to take care of routine matters immediately, via simpler online apps, rather than waiting for somebody to help them. The US public sector is making the most of this trend by offering more mobile government (m-government) information and services to constituents. Tom Downey, Director of Excise and Licensing of the City of Denver, Colorado, emphasizes that migration to online “e-systems” allows more citizens to “self-serve,” freeing trained staff to shift attention to strategic efforts.








Cyber mobility can do more than boost productivity in a quantitative way: It also has the potential to make structural enhancements in productivity. Putting an iPad in a doctor’s hands can improve face-to-face encounters with patients, but it can have more dramatic effects when the physician is away on rounds at a different facility. If new results arrive for a patient, a nurse can update the physician, transmit test results, receive instructions based on the physician’s assessment of those tests, and start a new procedure hours before the physician is scheduled to return. In this situation, little of the doctor’s time is saved, but the impact on patient well-being might be enormous. More generally, cyber mobility’s greatest potential is not merely in saving costs, but in yielding greater results in revenues, profit, or other output measures.

Mobility also offers benefits on a more strategic level: It allows companies to extend their business and their brand beyond the bounds of the physical setting of their company. A well-designed mobile app allows a retail company to sell to customers anytime and anywhere—far from its bricks-and-mortar locations. For strategic executives, this is the ultimate goal: to be able to scale a good brand experience across town or across a continent. Cyber mobility opens the possibility for brand scaling beyond traditional approaches limited by physical presence.

Given the potential benefits, organizations are increasingly relying on mobility. One-quarter of executives say their organization relies on cyber mobility to an overwhelming extent, and another 49 percent say it is of equal importance to productivity as other factors. Eighty percent of executives also say mobile devices will be more important to their work 3 years from now compared with today.

Mobility also allows companies to:

• Launch and evaluate projects more quickly and with less overhead
• Improve service quality, allowing them to sidestep competition based on price
• Improve the length and intensity of customer relationships.

Survey respondents agree about the key benefits of mobility. Flexibility (chosen by 89 percent) and increased productivity (75 percent) are overwhelmingly cited as benefits, while a smaller number also say cost savings (24 percent). These potential benefits have caused more organizations to rely on mobile devices.




Figure 2: In your view, what are the biggest benefits associated with cyber mobility? Select up to three.

Greater work flexibility: 89%
Increased productivity: 75%
Decentralization of key business operations: 25%
Lower cost structure: 24%
Improved innovation: 17%
Taking advantage of new market opportunities: 12%
Greater understanding of important future trends: 9%
Increased revenue growth: 5%
Increased profitability: 4%
Deepened knowledge of consumer trends: 4%
Other, please specify: 3%
Don’t know: 1%

Source: Economist Intelligence Unit survey, August 2011




Mobility Hazards and their Remedies

Companies that want to take advantage of the widespread promise of mobile devices will have to face a number of important security issues. The rapid rise of mobile devices has led to a corresponding rise in mobile cyber threats. In 2010, security company McAfee reported an increase in mobile malware by 46 percent, compared with the previous year.

But hostile actors may be growing faster than the mobile sector itself. According to Cisco’s 2010 Annual Security Report, improvement in traditional computer security awareness has led cyber criminals to target mobile users since the latter are generally less knowledgeable about the threats facing them and are, therefore, easier prey.




The threats are fueled by a number of issues:

• Mobile devices are more likely to be lost through theft, accident, and negligence;
• The “app store” culture of mobile devices leads to promiscuous downloads of risky software by end-users;
• Mobile devices are particularly apt to be connected through unsecured and even hostile “Wi-Fi” network access points;
• Organizations have incomplete and inadequate traditions for back-up and securing data stored in mobile devices; and
• Mobile devices are more likely to be treated by the end-user as personal property not subject to the usual security practices of the organization.




                         Loss of Mobile Devices

The increased use of mobile devices has made loss of the device an important problem. “You don’t lose your desktop,” says Rajesh Yohannan, Regional Head of e-Business, Citibank Asia. Yohannan notes that most of the data kept on mobile devices are recoverable because most organizations and individuals back up crucial assets, and the actual device can be replaced. He is particularly concerned, however, about protecting the data on a lost mobile device from cyber criminals.

Keith Gordon, SVP, Security, Fraud and Enrollment Executive at Bank of America for online and mobile channels, USA, is also concerned about this issue. He notes people often put a lot of sensitive information into their phones. They set up e-mail accounts, store passwords, and download apps such as Facebook, which allows them to be signed in at all times. A cyber criminal who came across their device would have instant access to all of the data on the device and on the apps associated with it. That would allow them to correlate this information against other data sources and do significant damage. “You steal a phone for its virtual value—the information that is on it, the passwords that are stored there, e-wallet type programs,” agrees Neil Robinson, Senior Analyst at the RAND Europe think tank.


Vulnerability from Downloads

Unsuspecting users often download unfamiliar apps and information to their mobile device. “Cyber crooks see it as an opportunity because awareness is low,” says Yohannan. In the survey conducted for this report, about one-half of all executives confirm that they have downloaded an app for business use as well as personal use, indicating that they are downloading apps to a great extent and that they also mix business and personal use. Yohannan says users must be more careful of what they download and points out that this includes e-mail attachments, which are rarely scanned for viruses or malware.



Figure 3: Which of the following activities have you done on your mobile device(s) in the past three years? Select all that apply.

Checked business email: 92%
Made a business phone call: 90%
Browsed the Internet: 87%
Made a personal phone call: 84%
Checked personal email: 76%
Downloaded an app for business use: 54%
Downloaded an app for personal use: 51%
Downloaded a security update: 51%
Other, please specify: 6%
I don’t have a mobile device: 2%

Source: Economist Intelligence Unit Survey, August 2011




Financial Services:
                                          Pushing the Envelope
                                          Financial services are moving to take advantage of mobile computing




          51%
platforms in a big way. “The way we communicate with our customers and the way we market our services is changing radically,” says Rajesh Yohannan, Regional Head of e-Business, Citibank Asia. In the 18 months since it started its Asian mobile banking service, Citibank already has 500,000 users signed up.

Financial services executives queried in the survey conducted for this report are promoting mobility to a greater extent than their peers in other sectors. For example, 34 percent of them say their industry relies on mobility to enhance productivity compared to 21 percent of executives as a whole. Half (51 percent) of financial services executives also say their organization has revised its business strategy to reap the benefits of mobility compared to 42 percent of respondents as a whole.

But the financial services industry faces greater risks than others. Individual hackers and organized crime groups are actively seeking to exploit the slightest vulnerabilities. Keith Gordon, SVP, Security, Fraud and Enrollment Executive at Bank of America, who conducts a monthly intelligence review of the top threats to the bank, says endpoint security was his biggest concern in early fall 2011. That was followed by customer spoofing (such as phishing), application security, mobile malware, and data loss. To improve security, Bank of America is doing three things: “We have pre-built security into our applications, we don’t store any unnecessary data on the phone, and any data stored is encrypted,” Gordon says.

Banks are also keeping closer tabs on the evolution of threats and informing customers about their risks. “We scan forums where cyber criminals hang out to track attacks even before they happen,” confirms Yohannan, who goes on to explain that many perpetrators will discuss upcoming attacks with their peers before executing them. Citibank has a group of people dedicated to this cause, while other groups look to deal with the actual attacks and their aftermath.

Educating consumers is another way to improve security. Like many others, Bank of America will proactively alert customers when there is unusual account activity. A more innovative approach taken by the bank is to give its customers one free year of protection from McAfee, a security software company, in the hope that those customers will value the McAfee service and continue to use it beyond the trial period, according to Gordon.




10 Cybersecurity in the Age of Mobility
App stores pose a different problem. In response to the growing number of attacks via malicious apps, the European Network and Information Security Agency (ENISA), the agency overseeing Europe’s cybersecurity, published a report in September 2011 about the security implications of app stores. It found that today’s malicious apps target a variety of platforms and can tap into smartphone data, from business e-mails to phone calls. “Consumers are hardly aware of this,” said the authors of the report, Dr. Marnix Dekker and Dr. Giles Hogben.

One of the biggest threats in this area has been various versions of Zeus MitMo, a malware that hides in the background of mobile apps and allows the perpetrators to gather information from unsuspecting users. “We have seen a big uptick in malware, such as Zeus for mobile,” says Gordon, whose company tracks the top five threats against them on a monthly basis (also see sidebar on page 10).




Inefficient Back-up Procedures

In principle, proper back-up procedures make it possible to recover data lost on a physical device. But typical back-up procedures for mobile devices leave a lot to be desired. Data are backed up incompletely and, often, insufficiently.

It is also difficult to determine exactly what data need to be backed up because the nature of “data” has changed. “Everything used to be stored on the device,” says Robinson. “But nowadays cyber mobility is hard to separate from cloud computing.” Because of this, mobile security has to be closely tied to cloud security. Concentrating on endpoint security by backing up individual devices is becoming less important than cloud security—making sure the cloud data scattered across the world are secure.

That change has also led to shifts in responsibilities. In this new environment, back-up procedures are typically conducted by the cloud providers. “Companies of all sizes and individuals are at the mercy of providers,” agrees Robinson. Survey respondents also say the third biggest problem caused by cyber mobility in their organization today is the loss of control over data (cited by 34 percent).

Respondents agree with the commonly cited risks associated with mobility. They are concerned that their mobile device will be compromised as a result of loss (66 percent) and poor back-up procedures (55 percent). Downloads were fourth on the list of concerns (cited by 51 percent) after the use of insecure networks (52 percent), another growing problem which is associated with using various connections in remote locations.




The survey also revealed users may claim a higher degree of awareness regarding security than they put into practice. Nine out of 10 say they would alter their usage if they learned that it is likely that the information on their mobile devices can be compromised. Yet, 64 percent say efficiency gains outweigh any potential security risks when it comes to working remotely, and 68 percent say the same about the use of mobile devices.




Responding to Mobile Security Challenges

Organizations that want to take advantage of the benefits of mobility must find a way to face the security challenges that come with them. Even explicit policies often remain incomplete; in any case, part of the nature of security is a demand for continuing vigilance and renewal. At a tactical level, our survey shows attention in this area currently is focused on back-up procedures, security of remote access, and movement towards interoperability and standardization.



Figure 4: Which of the following areas are covered by your organization’s policy regarding the use of mobile device(s)? Select all that apply.

Personal use                                      78%
Privacy                                           71%
IT support                                        69%
Use of secure/insecure wireless connections       68%
Security software                                 64%
Missing or stolen devices                         64%
Downloads (apps/games/other)                      62%
Backup procedures or data loss                    58%
The guidelines are general and I am not aware of
my organization having any specific policies       6%
Other, please specify                              3%
Don’t know                                         0%

Source: Economist Intelligence Unit survey, August 2011




Proper Back-up Procedures

The most fundamental organizational response involves setting up frequent and easy-to-use back-up procedures for mobile devices. But the move to cloud computing is complicating the task. “This is where everyone struggles and we do as well,” Mr. Olson admits. Backing up the data is relatively straightforward. The bigger problem is securing the data in case the device is lost.

To deal with the possibilities of lost devices, Olson tries to limit the amount of data resident on a particular mobile device and encrypts it. “We use an approach where data are fetched, viewed, and destroyed, in order not to leave any information resident on the device,” he explains. All information is stored at a central data center. From there, he can recover what was on the device at all times (regardless of whether the actual device is recovered or not). Inevitably, however, a small amount is still left on the device. To deal with this problem, he adds a remote wiping capability that allows him to erase data remotely if the device is lost.

Network Security and Remote Access

Another big problem involves controlling how mobile devices get remote access to organizational networks. Giving employees “anytime, anywhere” access allows them to be more productive, but that access inevitably weakens the central network’s defenses against intruders. A remote connection can serve as a pathway that allows a malicious app to access other users on the internal network.

Some organizations respond by setting up finer-grained controls over remote access: someone with accounting responsibilities, for example, might be permitted to prepare reports, but not to transfer funds remotely. Olson says remote access to his organization is controlled via a series of security steps, including software installation, a secure sockets layer (SSL) connection, a virtual private network (VPN) and, of course, regular changes of passwords.

In Singapore, Chua Kim Chuan, Director of Identity & Security Services, Information Systems Division, MOH Holdings, the holding company of Singapore’s public healthcare assets, also uses end-to-end encryption and strong authentication procedures. But Mr. Chua Kim Chuan goes one step further by requiring that employees carry small devices that generate numeric “one-time” passwords. These information tokens add a physical element to the authentication process.

“The trickiest part is to design a process that is easy while providing security,” says Mr. Chua Kim Chuan. Neil Robinson agrees. “If there are too many steps and passwords, then users will write them down,” he says. Writing instructions on paper, of course, defeats the whole purpose of a security procedure: If someone finds that piece of paper, the system’s security collapses. To balance convenience and safety, many organizations still require only a user name and password—even for remote access. However, a number of studies have shown that this combination is inadequate in most security situations.



While 71 percent of respondents agree that their organization has taken security measures regarding mobility, the quality of policies in this area may be uneven. When asked how prepared their organization is to address security or privacy threats in a variety of scenarios, respondents are least confident with regard to mobile devices: Only 22 percent say they are well prepared in this area, compared with 50 percent who say the same about online access and 59 percent about the use of desktop computers.



Figure 5: How prepared is your organization to address security or privacy threats to the following?

                               Well prepared   Somewhat prepared   Not at all prepared   Don’t know
The physical office location        59%               37%                  3%                1%
The use of desktop computers        59%               38%                  2%                1%
Online access                       50%               43%                  5%                1%
Mobile device(s)                    22%               63%                 14%                2%

Source: Economist Intelligence Unit Survey, August 2011




Developing Company Policies and Leadership

Mobility is increasingly pervasive, and organizations must capitalize on it to remain competitive in the marketplace. Organizations must take a number of steps to respond to security challenges that mobility presents:

• Make educational efforts on mobile computing a company priority. The most fundamental problem with mobile security is a lack of awareness. Yohannan believes the lack of awareness is pervasive in organizations and is not limited to users of mobile devices. Educational initiatives need to start within the organization. “We educate senior executives about security in terms they can understand,” explains Gordon. To educate users about phishing, he will show them an actual phishing

Healthcare: Meeting Opportunities as Well as Threats

The healthcare industry has great hopes for mobile computing.
It is increasingly using mobility to enhance the productivity and flexibility of
its operations and to meet demands from patients. Electronic health (e-health)
initiatives are the most commonly cited benefit on the horizon. These initiatives
typically focus on developing electronic medical records (EMRs), which allow
employees to evaluate results remotely and communicate information quickly.
Telemedicine (tele-health) allows doctors to see their patients virtually and consult
them at a distance.

“From a security perspective, we have to look at all of this and see how we can
enable it,” says Mr Olson about the future of digital healthcare. The industry is at
a particular risk from mobility given the sensitive data it handles in the form of
patient records. “We are mostly targeted for the information we hold about people
and identity theft is our biggest threat,” observes Mr Olson. The primary suspects,
therefore, are organized crime groups, rather than nation-states or thrill-seeking
hackers. Their goal is to get a name and an address they can validate with another
source. “The more data they can correlate, the more value it has on the black
market,” he explains.

To deal with the threat, health organizations are creating a variety of security
policies. Survey results lend support to the idea that healthcare is a leader in policy
development. 84% of healthcare respondents say they have a policy regarding the
use of mobile devices compared to 77% in other industries. According to survey
responses, the policies adopted by healthcare organizations also cover important
aspects of security to a greater extent, such as privacy (89% vs 71%) and missing or
stolen devices (78% vs 64%).

The most pressing problem now, according to Andrew McIntyre, CEO of Medical-
Objects Pty based in Australia, is not the lack of policy, but its implementation
on the end-user side, as users of technology tend to trust vendors. Even in cases
where suppliers clearly understand security matters, they feel little incentive to
educate end-users focused on features and functionality outside the security
domain. In addition to traditional logins and passwords, Dr McIntyre is promoting
enhanced interoperability and better client-side security procedures, such as use
of security tokens. “We can encrypt the transfer of data but we are stuck with a
password to access it,” he says about the challenge to improve standards in the
industry. “While the technology exists for client side tokens, virtually nobody uses it.”

One way in which to overcome such challenges, according to Mr Olson, is for the
security team to push new products to the healthcare professionals, instruct them
in their benefits, and demonstrate their use. “By doing that we are out in front of the
partnership and we can control expectations and parameters of use,” he suggests.



e-mail used by hackers. “Our dashboard has both the simple terminology as well as the technical one, but in the future I hope it will only have one,” he says about his initiatives to educate management.

• Create comprehensive mobile security procedures. If there are no mandated security standards, or if interoperability is an issue in secure communication, companies need to set the standard internally. “There is no substitute for strong policies,” says Olson, who is constantly looking to enhance security in his organization. It is also important to make sure strong policies and standards are executed well and enforced properly. At the very least, cyber mobility policies need to address personal use, privacy, security of connection, and how to handle missing or stolen devices.

• Encourage IT departments to lead by example. IT departments are often seen by other functions as an obstacle to greater mobility because they insist on various security policies. This can encourage IT departments to resist the latest technologies before proper security is in place or to establish too many passwords to access a system. “Security teams should be enabling teams rather than disabling teams,” stresses Olson. IT departments need to suggest new mobile technologies to other functions to demonstrate that they want progress and can take the lead in implementation. To do this, it is crucial to construct explicit projects with defined targets, benefits, alternatives, costs, and budgets. It is also important to set milestones of success to manage project risk, and develop technical capabilities to assess the value that security provides.



                        Conclusion

                        The stakes associated with failing to establish proper mobile security are high.
                        The costs associated with loss of a single customer record can be greater than a multiple of the lifetime
                        revenues expected of that customer.

                        Companies also need to construct written goals with objective criteria and track successes and failures
                        associated with mobile security. They need to demonstrate to employees and customers that the
                        organization is committed to mobile security. They need to keep stakeholders informed about the
                        company’s experience with mobile security issues, and monitor the impact of these efforts.

                        Security itself is often conceived in negative terms: data not leaked, lawsuits avoided, and authentication
                        nuisances reduced. Once companies do these steps well, they will find that security becomes a positive
                        value—customers and employees will become more comfortable and confident doing business with an
                        organization known for its security leadership.



About Booz Allen Hamilton
Booz Allen Hamilton is a leading provider of management and
technology consulting services to the US government in defense, intelligence,
and civil markets, and to major corporations, institutions, and not-for-profit
organizations. Booz Allen is headquartered in McLean, Virginia, employs more
than 25,000 people, and had revenue of $5.59 billion for the 12 months ended
March 31, 2011.

Booz Allen understands that cybersecurity is no longer just about protecting
assets. It’s about enabling organizations to take full advantage of the vast
opportunities that the ecosystem of cyberspace now offers for business,
government, and virtually every aspect of our society.

Those opportunities can be imperiled, however, by rapidly emerging cyber
threats from hackers (hacktivists), organized crime, nation states, and
terrorists. We help our clients in both business and government understand
the full spectrum of threats and system vulnerabilities, and address them
effectively and efficiently.

Booz Allen believes the key to cybersecurity today is integration—creating
a framework that “thinks bigger” than technology to encompass policy,
operations, people, and management. Through this Mission Integration
Framework, organizations can align these essential areas to address the real
issues, and develop cyber strategies and solutions that keep pace with a fast-
changing world.

To learn more, visit www.boozallen.com. (NYSE: BAH)




       About the Economist Intelligence Unit
       The Economist Intelligence Unit is part of the Economist Group,
       the leading source of analysis on international business and world affairs. Founded in
       1946 as an in-house research unit for The Economist newspaper, we deliver business
       intelligence, forecasting and advice to over 1.5m decision-makers from the world’s
       leading companies, financial institutions, governments and universities. Our analysts
       are known for the rigour, accuracy and consistency of their analysis and forecasts,
       and their commitment to objectivity, clarity and timeliness.





©2011 Booz Allen Hamilton Inc.

AST-0002415_MobileSecurity-CIOJim Romeo
 
It consumerisation presentation
It  consumerisation presentationIt  consumerisation presentation
It consumerisation presentationrevaathey
 
It consumerisation presentation
It  consumerisation presentationIt  consumerisation presentation
It consumerisation presentationrevaathey
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...International Federation of Accountants
 
The impact of mobile devices on information security
The impact of mobile devices on information securityThe impact of mobile devices on information security
The impact of mobile devices on information securityBee_Ware
 
Juniper Trusted Mobility Index 2012
Juniper Trusted Mobility Index 2012Juniper Trusted Mobility Index 2012
Juniper Trusted Mobility Index 2012Juniper Networks
 
“The Impact of Mobile Devices on Information Security: A Survey of IT and Sec...
“The Impact of Mobile Devices on Information Security: A Survey of IT and Sec...“The Impact of Mobile Devices on Information Security: A Survey of IT and Sec...
“The Impact of Mobile Devices on Information Security: A Survey of IT and Sec...Thierry Labro
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurityMatthew Rosenquist
 
The impact of mobile on the IT organization
The impact of mobile on the IT organizationThe impact of mobile on the IT organization
The impact of mobile on the IT organizationChris Pepin
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSantiago Cavanna
 
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...Troy Marshall
 

Similar to Cybersecurity in the Age of Mobility (20)

Resilience in the Cyber Era
Resilience in the Cyber EraResilience in the Cyber Era
Resilience in the Cyber Era
 
Economist Intelligence Unit_mobile_data_120928
Economist Intelligence Unit_mobile_data_120928Economist Intelligence Unit_mobile_data_120928
Economist Intelligence Unit_mobile_data_120928
 
Secure data access in a mobile universe
Secure data access in a mobile universeSecure data access in a mobile universe
Secure data access in a mobile universe
 
2014 Secure Mobility Survey Report
2014 Secure Mobility Survey Report2014 Secure Mobility Survey Report
2014 Secure Mobility Survey Report
 
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterpriseMbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
 
Okta Digital Enterprise Report
Okta Digital Enterprise ReportOkta Digital Enterprise Report
Okta Digital Enterprise Report
 
IT Guide for Mobility: Making the case for Security leaders
IT Guide for Mobility: Making the case for Security leadersIT Guide for Mobility: Making the case for Security leaders
IT Guide for Mobility: Making the case for Security leaders
 
AST-0002415_MobileSecurity-CIO
AST-0002415_MobileSecurity-CIOAST-0002415_MobileSecurity-CIO
AST-0002415_MobileSecurity-CIO
 
AST-0002415_MobileSecurity-CIO
AST-0002415_MobileSecurity-CIOAST-0002415_MobileSecurity-CIO
AST-0002415_MobileSecurity-CIO
 
It consumerisation presentation
It  consumerisation presentationIt  consumerisation presentation
It consumerisation presentation
 
It consumerisation presentation
It  consumerisation presentationIt  consumerisation presentation
It consumerisation presentation
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
 
The impact of mobile devices on information security
The impact of mobile devices on information securityThe impact of mobile devices on information security
The impact of mobile devices on information security
 
Juniper Trusted Mobility Index 2012
Juniper Trusted Mobility Index 2012Juniper Trusted Mobility Index 2012
Juniper Trusted Mobility Index 2012
 
“The Impact of Mobile Devices on Information Security: A Survey of IT and Sec...
“The Impact of Mobile Devices on Information Security: A Survey of IT and Sec...“The Impact of Mobile Devices on Information Security: A Survey of IT and Sec...
“The Impact of Mobile Devices on Information Security: A Survey of IT and Sec...
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity
 
The impact of mobile on the IT organization
The impact of mobile on the IT organizationThe impact of mobile on the IT organization
The impact of mobile on the IT organization
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
 
White Paper: Mobile Security
White Paper: Mobile SecurityWhite Paper: Mobile Security
White Paper: Mobile Security
 

More from Booz Allen Hamilton

You Can Hack That: How to Use Hackathons to Solve Your Toughest Challenges
You Can Hack That: How to Use Hackathons to Solve Your Toughest ChallengesYou Can Hack That: How to Use Hackathons to Solve Your Toughest Challenges
You Can Hack That: How to Use Hackathons to Solve Your Toughest ChallengesBooz Allen Hamilton
 
Examining Flexibility in the Workplace for Working Moms
Examining Flexibility in the Workplace for Working MomsExamining Flexibility in the Workplace for Working Moms
Examining Flexibility in the Workplace for Working MomsBooz Allen Hamilton
 
Booz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen Hamilton
 
Homeland Threats: Today and Tomorrow
Homeland Threats: Today and TomorrowHomeland Threats: Today and Tomorrow
Homeland Threats: Today and TomorrowBooz Allen Hamilton
 
Preparing for New Healthcare Payment Models
Preparing for New Healthcare Payment ModelsPreparing for New Healthcare Payment Models
Preparing for New Healthcare Payment ModelsBooz Allen Hamilton
 
The Product Owner’s Universe: Agile Coaching
The Product Owner’s Universe: Agile CoachingThe Product Owner’s Universe: Agile Coaching
The Product Owner’s Universe: Agile CoachingBooz Allen Hamilton
 
Immersive Learning: The Future of Training is Here
Immersive Learning: The Future of Training is HereImmersive Learning: The Future of Training is Here
Immersive Learning: The Future of Training is HereBooz Allen Hamilton
 
Nuclear Promise: Reducing Cost While Improving Performance
Nuclear Promise: Reducing Cost While Improving PerformanceNuclear Promise: Reducing Cost While Improving Performance
Nuclear Promise: Reducing Cost While Improving PerformanceBooz Allen Hamilton
 
Frenemies – When Unlikely Partners Join Forces
Frenemies – When Unlikely Partners Join ForcesFrenemies – When Unlikely Partners Join Forces
Frenemies – When Unlikely Partners Join ForcesBooz Allen Hamilton
 
Booz Allen Secure Agile Development
Booz Allen Secure Agile DevelopmentBooz Allen Secure Agile Development
Booz Allen Secure Agile DevelopmentBooz Allen Hamilton
 
Booz Allen Industrial Cybersecurity Threat Briefing
Booz Allen Industrial Cybersecurity Threat BriefingBooz Allen Industrial Cybersecurity Threat Briefing
Booz Allen Industrial Cybersecurity Threat BriefingBooz Allen Hamilton
 
Booz Allen Hamilton and Market Connections: C4ISR Survey Report
Booz Allen Hamilton and Market Connections: C4ISR Survey ReportBooz Allen Hamilton and Market Connections: C4ISR Survey Report
Booz Allen Hamilton and Market Connections: C4ISR Survey ReportBooz Allen Hamilton
 
Modern C4ISR Integrates, Innovates and Secures Military Networks
Modern C4ISR Integrates, Innovates and Secures Military NetworksModern C4ISR Integrates, Innovates and Secures Military Networks
Modern C4ISR Integrates, Innovates and Secures Military NetworksBooz Allen Hamilton
 
Agile and Open C4ISR Systems - Helping the Military Integrate, Innovate and S...
Agile and Open C4ISR Systems - Helping the Military Integrate, Innovate and S...Agile and Open C4ISR Systems - Helping the Military Integrate, Innovate and S...
Agile and Open C4ISR Systems - Helping the Military Integrate, Innovate and S...Booz Allen Hamilton
 
Booz Allen Field Guide to Data Science
Booz Allen Field Guide to Data Science Booz Allen Field Guide to Data Science
Booz Allen Field Guide to Data Science Booz Allen Hamilton
 

More from Booz Allen Hamilton (20)

You Can Hack That: How to Use Hackathons to Solve Your Toughest Challenges
You Can Hack That: How to Use Hackathons to Solve Your Toughest ChallengesYou Can Hack That: How to Use Hackathons to Solve Your Toughest Challenges
You Can Hack That: How to Use Hackathons to Solve Your Toughest Challenges
 
Examining Flexibility in the Workplace for Working Moms
Examining Flexibility in the Workplace for Working MomsExamining Flexibility in the Workplace for Working Moms
Examining Flexibility in the Workplace for Working Moms
 
The True Cost of Childcare
The True Cost of ChildcareThe True Cost of Childcare
The True Cost of Childcare
 
Booz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of Directors
 
Inaugural Addresses
Inaugural AddressesInaugural Addresses
Inaugural Addresses
 
Military Spouse Career Roadmap
Military Spouse Career Roadmap Military Spouse Career Roadmap
Military Spouse Career Roadmap
 
Homeland Threats: Today and Tomorrow
Homeland Threats: Today and TomorrowHomeland Threats: Today and Tomorrow
Homeland Threats: Today and Tomorrow
 
Preparing for New Healthcare Payment Models
Preparing for New Healthcare Payment ModelsPreparing for New Healthcare Payment Models
Preparing for New Healthcare Payment Models
 
The Product Owner’s Universe: Agile Coaching
The Product Owner’s Universe: Agile CoachingThe Product Owner’s Universe: Agile Coaching
The Product Owner’s Universe: Agile Coaching
 
Immersive Learning: The Future of Training is Here
Immersive Learning: The Future of Training is HereImmersive Learning: The Future of Training is Here
Immersive Learning: The Future of Training is Here
 
Nuclear Promise: Reducing Cost While Improving Performance
Nuclear Promise: Reducing Cost While Improving PerformanceNuclear Promise: Reducing Cost While Improving Performance
Nuclear Promise: Reducing Cost While Improving Performance
 
Frenemies – When Unlikely Partners Join Forces
Frenemies – When Unlikely Partners Join ForcesFrenemies – When Unlikely Partners Join Forces
Frenemies – When Unlikely Partners Join Forces
 
Booz Allen Secure Agile Development
Booz Allen Secure Agile DevelopmentBooz Allen Secure Agile Development
Booz Allen Secure Agile Development
 
Booz Allen Industrial Cybersecurity Threat Briefing
Booz Allen Industrial Cybersecurity Threat BriefingBooz Allen Industrial Cybersecurity Threat Briefing
Booz Allen Industrial Cybersecurity Threat Briefing
 
Booz Allen Hamilton and Market Connections: C4ISR Survey Report
Booz Allen Hamilton and Market Connections: C4ISR Survey ReportBooz Allen Hamilton and Market Connections: C4ISR Survey Report
Booz Allen Hamilton and Market Connections: C4ISR Survey Report
 
CITRIX IN AMAZON WEB SERVICES
CITRIX IN AMAZON WEB SERVICESCITRIX IN AMAZON WEB SERVICES
CITRIX IN AMAZON WEB SERVICES
 
Modern C4ISR Integrates, Innovates and Secures Military Networks
Modern C4ISR Integrates, Innovates and Secures Military NetworksModern C4ISR Integrates, Innovates and Secures Military Networks
Modern C4ISR Integrates, Innovates and Secures Military Networks
 
Agile and Open C4ISR Systems - Helping the Military Integrate, Innovate and S...
Agile and Open C4ISR Systems - Helping the Military Integrate, Innovate and S...Agile and Open C4ISR Systems - Helping the Military Integrate, Innovate and S...
Agile and Open C4ISR Systems - Helping the Military Integrate, Innovate and S...
 
Women On The Leading Edge
Women On The Leading Edge Women On The Leading Edge
Women On The Leading Edge
 
Booz Allen Field Guide to Data Science
Booz Allen Field Guide to Data Science Booz Allen Field Guide to Data Science
Booz Allen Field Guide to Data Science
 

Recently uploaded

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 

Recently uploaded (20)

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 

Cybersecurity in the Age of Mobility

  • 1. Cybersecurity in the Age of Mobility: Building a Mobile Infrastructure that Promotes Productivity. An Economist Intelligence Unit research program sponsored by Booz Allen Hamilton.
  • 2. List of Interviewees
       Chua Kim Chuan, Director, Identity & Security Services, Information Systems Division, MOH Holdings Pte Ltd., Singapore
       Tom Downey, Director of Excise and Licensing of the City of Denver, Colorado, USA
       Keith Gordon, SVP, Security, Fraud and Enrollment Executive at Bank of America for online and mobile channels, USA
       Andrew McIntyre, CEO, Medical-Objects Pty Ltd, Australia
       Patty Mechael, Executive Director, mHealth Alliance, USA
       Mark Olson, CISO, Beth Israel and Harvard Medical School, USA
       Neil Robinson, Senior Analyst, RAND Europe
       Rajesh Yohannan, Regional Head of e-Business, Citibank Asia
     About the Survey
       In August 2011, the Economist Intelligence Unit conducted a global survey, sponsored by Booz Allen Hamilton, of 340 executives to assess attitudes toward cybersecurity in the age of mobility. About one-half (51 percent) of survey respondents are board members or C-level executives, including 74 CEOs. The respondents are based in North America (31 percent), Western Europe (29 percent), Asia-Pacific (27 percent), Middle East and Africa (6 percent), Latin America (5 percent), and Eastern Europe (3 percent). More than one-half of the survey respondents (55 percent) work for companies with global annual revenues exceeding US$500 million. Nineteen different industries are represented in the survey sample, including financial services (21 percent); healthcare, pharmaceuticals, and biotechnology (13 percent); professional services (9 percent); transportation, travel, and tourism (9 percent); IT and technology (7 percent); and manufacturing (7 percent).
  • 3. Contents
       Executive Summary
       Introduction
       The Benefits of Mobility
       Mobility Hazards and their Remedies
       Loss of Mobile Devices
       Vulnerability from Downloads
       Sidebar: Financial Services: Pushing the Envelope
       Inefficient Back-up Procedures
       Responding to Mobile Security Challenges
       Proper Back-up Procedures
       Network Security and Remote Access
       Developing Company Policies and Leadership
       Sidebar: Healthcare: Meeting Opportunities as Well as Threats
       Conclusion
       About Booz Allen
       About Economist Intelligence Unit
  • 4. Executive Summary
       • The ascendancy of mobile computing offers companies enormous opportunities to improve productivity, while presenting them with a series of new security challenges. The ubiquity of mobile devices encourages more people to take care of routine matters via simpler online apps. It also has the potential to make structural enhancements in productivity. But to capitalize on these benefits, companies will have to tackle a host of challenging new security issues.
       • The rapid rise of mobile devices has led to a corresponding rise in mobile cyber threats. Mobile devices are more likely to be lost through theft, accident, and negligence. The “app store” culture of mobile devices leads to promiscuous downloads of risky software by end-users. Mobile devices are likely to be connected through unsecured and even hostile “Wi-Fi” network access points. And mobile devices are more likely to be treated by the end-user as personal property not subject to the usual security practices of the organization.
       • The move to cloud computing is complicating the task. The most fundamental organizational response involves setting up frequent and easy-to-use back-up procedures for mobile devices. But organizations have incomplete and inadequate traditions for backing-up and securing data stored in mobile devices. Giving employees “anytime, anywhere” access allows them to be more productive, but that access inevitably weakens the central network’s defenses against intruders. Some organizations respond by setting up finer-grained controls over remote access.
       • The most fundamental problem with mobile security is a lack of awareness. Companies should make educational efforts on mobile computing a company priority. Cyber-mobility policies need to address personal use, privacy, security of connection, and how to handle missing or stolen devices.
       • IT departments need to suggest new mobile technologies to other functions to demonstrate that they want progress and can take the lead in implementation. To do so, it is important to construct explicit projects with defined targets, benefits, costs, and budgets. It is also important to set milestones of success and assess the value that security provides.
  • 5. Introduction: The Magnitude of the Challenge
       Mobile devices have taken the world by storm. The Economist Intelligence Unit estimates that four billion people use mobile devices of one kind or another. Three billion are using feature phones to call and text, but one billion are now using smartphones to access the Internet as well. The global movement to smartphones is still in its infancy. The devices are likely to experience double-digit sales growth for the next 5 years as the world builds out 3G wireless networks and the devices themselves become more powerful.
       The move to smartphones will have a profound qualitative impact on computing. In 2014, more people will be accessing the Internet through mobile devices than via desktops, if current trends continue. This will change the nature of the global workplace. The Internet will be much more pervasive and embedded—the computing power necessary to perform many work tasks will be always on and available almost everywhere.
       The ascendancy of mobile computing offers companies enormous opportunities to improve the productivity of a company’s employees. A few companies will continue to restrict their operations to a traditional workplace. But the vast majority will have to harness cyber mobility to remain competitive. To do so, they will have to tackle a host of challenging new security issues discussed in this report.
       A Definition: In this report, and in the survey conducted for this report, cyber mobility is broadly defined as “the ability to work anywhere (i.e., remotely from the office) through the use of mobile device(s), such as laptops and cell phones, and other devices that are connected to the Internet and are often used to enhance productivity.”
       Both opportunity and difficulty lie clearly visible. According to the global survey of senior executives conducted for this report, organizations are already moving with determination to gain an advantage. Four in 10 executives (42 percent) say their organizations have revised business strategies in the past 3 years to reap the benefits of cyber mobility. The biggest problem caused by cyber mobility, according to the same executives, is new security threats (cited by 62 percent).
       Information is becoming a more central and essential organizational asset. Balance-sheet health has less to do with inventories of iron ore or shipping containers, and more to do with the
  • 6. “Balance-sheet health has less to do with inventories of iron ore or shipping containers, and more to do with the knowledge held by experienced employees and digital records about prospective customers. ” knowledge held by experienced employees and This report, written by the Economist Intelligence digital records about prospective customers. Unit and sponsored by Booz Allen Hamilton, Techniques for protecting and managing those explores cyber mobility and its security challenges. intangible assets lag behind our needs, however. It details how—for a motivated and alert Even in the face of compliance laws including organization—security can be not just a problem, Sarbanes-Oxley, HIPAA, and PCI, massive data but also a strength. breaches regularly occur. F igure 1 Rapidly Rising Connectivity 120 Mobile Cellular Subscriptions per 100 Inhabitants, 2000-2010 100 Internet users/per 100 inhabitants 80 60 40 20 0 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 Developed World Developing The developed/developing country classifications are based on the UN M49. See: http://www.itu.int.int/ITU-D/ict/definitions/regions/index.html Source: ITU World Telecommunication/ICT Indicators database 4 Cybersecurity in the Age of Mobility
Glossary of Common Mobile Security Terminology

App: Short for “application,” which is typically downloaded from an app store

Cloud Security: Security moves from “manual” protection of individual devices to the cloud, where a third-party provider is usually responsible

DLP: An acronym for Data Loss Prevention, DLP unifies protection from all hazards to data health, whether intentional or accidental, within the data center or at a remote location; DLP generalizes “back-up” and “disaster recovery”

Endpoint Security: The idea that each individual device (an endpoint) should be secured, as opposed to “centralized” or “moated” security, which emphasizes safety behind firewalls

MitMo: Short for “man in the mobile”, which is a type of malware that allows the perpetrator to monitor what the remote user does on the screen

Mobile Malware: Short for malicious software specifically designed for mobile devices, often distributed via e-mail or app stores

Phishing: An attempt to get users to click on a malicious link typically embedded in an e-mail or SMS

Security Token: Typically a small physical device through which users authenticate themselves

The Benefits of Mobility

Mobility offers many benefits to businesses but the core opportunity is enhanced staff productivity. Employees who are more connected—on the road or at home—are more efficient. In a 2011 report from the US Office of Personnel Management (OPM), 31 out of 33 federal agencies that track telework programs said they believed that enhanced productivity was the greatest benefit of mobility. “Look at the tablet technology,” says Mark Olson, CISO at Beth Israel and Harvard Medical School. “A physician can pull up specific results and tests on the iPad to show at the patient’s bedside.” In addition, he notes, physicians can review information on the go, even walking between buildings, to enhance their productivity.

The ubiquity of mobile devices provides another benefit: It also encourages more people to take care of routine matters immediately, via simpler online apps, rather than waiting for somebody to help them. The US public sector is making the most of this trend by offering more mobile government (m-government) information and services to constituents. Tom Downey, Director of Excise and Licensing of the City of Denver, Colorado, emphasizes that migration to online “e-systems” allows more citizens to “self-serve,” freeing trained staff to shift attention to strategic efforts.
Cyber mobility can do more than boost productivity in a quantitative way: It also has the potential to make structural enhancements in productivity. Putting an iPad in a doctor’s hands can improve face-to-face encounters with patients, but it can have more dramatic effects when the physician is away on rounds at a different facility. If new results arrive for a patient, a nurse can update the physician, transmit test results, receive instructions based on the physician’s assessment of those tests, and start a new procedure hours before the physician is scheduled to return. In this situation, little of the doctor’s time is saved, but the impact on patient well-being might be enormous. More generally, cyber mobility’s greatest potential is not merely in saving costs, but in yielding greater results in revenues, profit, or other output measures.

Mobility also offers benefits on a more strategic level: It allows companies to extend their business and their brand beyond the bounds of the physical setting of their company. A well-designed mobile app allows a retail company to sell to customers anytime and anywhere—far from its bricks-and-mortar locations. For strategic executives, this is the ultimate goal: to be able to scale a good brand experience across town or across a continent. Cyber mobility opens the possibility for brand scaling beyond traditional approaches limited by physical presence.

Given the potential benefits, organizations are increasingly relying on mobility. One-quarter of executives say their organization relies on cyber mobility to an overwhelming extent, and another 49 percent say it is of equal importance to productivity as other factors. Eighty percent of executives also say mobile devices will be more important to their work 3 years from now compared with today.

Mobility also allows companies to:

• Launch and evaluate projects more quickly and with less overhead
• Improve service quality, allowing them to sidestep competition based on price
• Improve the length and intensity of customer relationships.

Survey respondents agree about the key benefits of mobility. Flexibility (chosen by 89 percent) and increased productivity (75 percent) are overwhelmingly cited as benefits, while a smaller number also say cost savings (24 percent). These potential benefits have caused more organizations to rely on mobile devices.
Figure 2: In your view, what are the biggest benefits associated with cyber mobility? Select up to three.

Greater work flexibility: 89%
Increased productivity: 75%
Decentralization of key business operations: 25%
Lower cost structure: 24%
Improved innovation: 17%
Taking advantage of new market opportunities: 12%
Greater understanding of important future trends: 9%
Increased revenue growth: 5%
Increased profitability: 4%
Deepened knowledge of consumer trends: 4%
Other, please specify: 3%
Don’t know: 1%

Source: Economist Intelligence Unit survey, August 2011

Mobility Hazards and their Remedies

Companies that want to take advantage of the widespread promise of mobile devices will have to face a number of important security issues. The rapid rise of mobile devices has led to a corresponding rise in mobile cyber threats. In 2010, security company McAfee reported an increase in mobile malware by 46 percent, compared with the previous year.

But hostile actors may be growing faster than the mobile sector itself. According to Cisco’s 2010 Annual Security Report, improvement in traditional computer security awareness has led cyber criminals to target mobile users since the latter are generally less knowledgeable about the threats facing them and are, therefore, easier prey.
The threats are fueled by a number of issues:

• Mobile devices are more likely to be lost through theft, accident, and negligence;
• The “app store” culture of mobile devices leads to promiscuous downloads of risky software by end-users;
• Mobile devices are particularly apt to be connected through unsecured and even hostile “Wi-Fi” network access points;
• Organizations have incomplete and inadequate traditions for back-up and securing data stored in mobile devices; and
• Mobile devices are more likely to be treated by the end-user as personal property not subject to the usual security practices of the organization.

Loss of Mobile Devices

The increased use of mobile devices has made loss of the device an important problem. “You don’t lose your desktop,” says Rajesh Yohannan, Regional Head of e-Business, Citibank Asia. Yohannan notes that most of the data kept on mobile devices are recoverable because most organizations and individuals back up crucial assets, and the actual device can be replaced. He is particularly concerned, however, about protecting the data on a lost mobile device from cyber criminals.

Keith Gordon, SVP, Security, Fraud and Enrollment Executive at Bank of America for online and mobile channels, USA, is also concerned about this issue. He notes people often put a lot of sensitive information into their phones. They set up e-mail accounts, store passwords, and download apps such as Facebook, which allows them to be signed in at all times. A cyber criminal who came across their device would have instant access to all of the data on the device and on the apps associated with it. That would allow them to correlate this information against other data sources and do significant damage. “You steal a phone for its virtual value—the information that is on it, the passwords that are stored there, e-wallet type programs,” agrees Neil Robinson, Senior Analyst at the RAND Europe think tank.
Vulnerability from Downloads

Unsuspecting users often download unfamiliar apps and information to their mobile device. “Cyber crooks see it as an opportunity because awareness is low,” says Yohannan. In the survey conducted for this report, about one-half of all executives confirm that they have downloaded an app for business use as well as personal use, indicating that they are downloading apps to a great extent and that they also mix business and personal use. Yohannan says users must be more careful of what they download and points out that this includes e-mail attachments, which are rarely scanned for viruses or malware.

Figure 3: Which of the following activities have you done on your mobile device(s) in the past three years? Select all that apply.

Checked business email: 92%
Made a business phone call: 90%
Browsed the Internet: 87%
Made a personal phone call: 84%
Checked personal email: 76%
Downloaded an app for business use: 54%
Downloaded an app for personal use: 51%
Downloaded a security update: 51%
Other, please specify: 6%
I don’t have a mobile device: 2%

Source: Economist Intelligence Unit Survey, August 2011
Financial Services: Pushing the Envelope

Financial services are moving to take advantage of mobile computing platforms in a big way. “The way we communicate with our customers and the way we market our services is changing radically,” says Rajesh Yohannan, Regional Head of e-Business, Citibank Asia. In the 18 months since it started its Asian mobile banking service, Citibank already has 500,000 users signed up.

Financial services executives queried in the survey conducted for this report are promoting mobility to a greater extent than their peers in other sectors. For example, 34 percent of them say their industry relies on mobility to enhance productivity compared to 21 percent of executives as a whole. Half (51 percent) of financial services executives also say their organization has revised its business strategy to reap the benefits of mobility compared to 42 percent of respondents as a whole.

But the financial services industry faces greater risks than others. Individual hackers and organized crime groups are actively seeking to exploit the slightest vulnerabilities. Keith Gordon, SVP, Security, Fraud and Enrollment Executive at Bank of America, who conducts a monthly intelligence review of the top threats to the bank, says endpoint security was his biggest concern in early fall 2011. That was followed by customer spoofing (such as phishing), application security, mobile malware, and data loss.

To improve security, Bank of America is doing three things: “We have pre-built security into our applications, we don’t store any unnecessary data on the phone, and any data stored is encrypted,” Gordon says.

Banks are also keeping a closer tab on the evolution of threats and informing customers about their risks. “We scan forums where cyber criminals hang out to track attacks even before they happen,” confirms Yohannan, who goes on to explain that many perpetrators will discuss upcoming attacks with their peers before executing them. Citibank has a group of people dedicated to this cause, while other groups look to deal with the actual attacks and their aftermath.

Educating consumers is another way to improve security. Like many others, Bank of America will proactively alert customers when there is unusual account activity. A more innovative approach taken by the bank is to give their customers one free year of protection from McAfee, a security software company, in the hope that those customers will value the McAfee service and continue to use it beyond the trial period, according to Gordon.
App stores pose a different problem. In response to the growing number of attacks via malicious apps, the European Network and Information Security Agency (ENISA), the agency overseeing Europe’s cybersecurity, published a report in September 2011 about the security implications of app stores. It found that today’s malicious apps target a variety of platforms and can tap into smartphone data, from business e-mails to phone calls. “Consumers are hardly aware of this,” said the authors of the report, Dr. Marnix Dekker and Dr. Giles Hogben.

One of the biggest threats in this area has been various versions of Zeus MitMo, a malware that hides in the background of mobile apps and allows the perpetrators to gather information from unsuspecting users. “We have seen a big uptick in malware, such as Zeus for mobile,” says Gordon, whose company tracks the top five threats against them on a monthly basis (also see the sidebar “Financial Services: Pushing the Envelope”).

Inefficient Back-up Procedures

In principle, proper back-up procedures make it possible to recover data lost on a physical device. But typical back-up procedures for mobile devices leave a lot to be desired. Data are backed up incompletely and, often, insufficiently.

It is also difficult to determine exactly what data need to be backed up because the nature of “data” has changed. “Everything used to be stored on the device,” says Robinson. “But nowadays cyber mobility is hard to separate from cloud computing.” Because of this, mobile security has to be closely tied to cloud security. Concentrating on endpoint security by backing up individual devices is becoming less important than cloud security—making sure the cloud data scattered across the world are secure.

That change has also led to shifts in responsibilities. In this new environment, back-up procedures are typically conducted by the cloud providers. “Companies of all sizes and individuals are at the mercy of providers,” agrees Robinson. Survey respondents also say the third biggest problem caused by cyber mobility in their organization today is the loss of control over data (cited by 34 percent).

Respondents agree with the commonly cited risks associated with mobility. They are concerned that their mobile device will be compromised as a result of loss (66 percent) and poor back-up procedures (55 percent). Downloads were fourth on the list of concerns (cited by 51 percent) after the use of insecure networks (52 percent), another growing problem which is associated with using various connections in remote locations.
The survey also revealed users may claim a higher degree of awareness regarding security than they put into practice. Nine out of 10 say they would alter their usage if they learned that it is likely that the information on their mobile devices can be compromised. Yet, 64 percent say efficiency gains outweigh any potential security risks when it comes to working remotely, and 68 percent say the same about the use of mobile devices.

Responding to Mobile Security Challenges

Organizations that want to take advantage of the benefits of mobility must find a way to face the security challenges that come with them. Even explicit policies often remain incomplete; in any case, part of the nature of security is a demand for continuing vigilance and renewal. At a tactical level, our survey shows attention in this area currently is focused on back-up procedures, security of remote access, and movement towards interoperability and standardization.

Figure 4: Which of the following areas are covered by your organization’s policy regarding the use of mobile device(s)? Select all that apply.

Personal use: 78%
Privacy: 71%
IT support: 69%
Use of secure/insecure wireless connections: 68%
Security software: 64%
Missing or stolen devices: 64%
Downloads (apps/games/other): 62%
Backup procedures or data loss: 58%
The guidelines are general and I am not aware of my organization having any specific policies: 6%
Other, please specify: 3%
Don’t know: 0%

Source: Economist Intelligence Unit survey, August 2011
Proper Back-up Procedures

The most fundamental organizational response involves setting up frequent and easy-to-use back-up procedures for mobile devices. But the move to cloud computing is complicating the task. “This is where everyone struggles and we do as well,” Mr. Olson admits. Backing up the data is relatively straightforward. The bigger problem is securing the data in case the device is lost.

To deal with the possibilities of lost devices, Olson tries to limit the amount of data resident on a particular mobile device and encrypts it. “We use an approach where data are fetched, viewed, and destroyed, in order not to leave any information resident on the device,” he explains. All information is stored at a central data center. From there, he can recover what was on the device at all times (regardless of whether the actual device is recovered or not). Inevitably, however, a small amount is still left on the device. To deal with this problem, he adds a remote wiping capability that allows him to erase data remotely if the device is lost.

Network Security and Remote Access

Another big problem involves controlling how mobile devices get remote access to organizational networks. Giving employees “anytime, anywhere” access allows them to be more productive, but that access inevitably weakens the central network’s defenses against intruders. A remote connection can serve as a pathway that allows a malicious app to access other users on the internal network.

Some organizations respond by setting up finer-grained controls over remote access: someone with accounting responsibilities, for example, might be permitted to prepare reports, but not to transfer funds remotely. Olson says remote access to his organization is controlled via a series of security steps, including software installation, a secure sockets layer (SSL) connection, a virtual private network (VPN) and, of course, regular changes of passwords.

In Singapore, Chua Kim Chuan, Director of Identity & Security Services, Information Systems Division, MOH Holdings, the holding company of Singapore’s public healthcare assets, also uses end-to-end encryption and strong authentication procedures. But Mr. Chua Kim Chuan goes one step further by requiring that employees carry small devices that generate numeric “one-time” passwords. These information tokens add a physical element to the authentication process.

“The trickiest part is to design a process that is easy while providing security,” says Mr. Chua Kim Chuan. Neil Robinson agrees. “If there are too many steps and passwords, then users will write them down,” he says. Writing instructions on paper, of course, defeats the whole purpose of a security procedure: If someone finds that piece of paper, the system’s security collapses. To balance convenience and safety, many organizations still require only a user name and password—even for remote access. However, a number of studies have shown that this combination is inadequate in most security situations.
While 71 percent of respondents agree that their organization has taken security measures regarding mobility, the quality of policies in this area may be uneven. When asked how prepared their organization is to address security or privacy threats in a variety of scenarios, respondents are least confident with regard to mobile devices: Only 22 percent say they are well prepared in this area, compared with 50 percent who say the same about online access and 59 percent about the use of desktop computers.

Figure 5: How prepared is your organization to address security or privacy threats to the following?

The physical office location: 59% well prepared, 37% somewhat prepared, 3% not at all prepared, 1% don’t know
The use of desktop computers: 59% well prepared, 38% somewhat prepared, 2% not at all prepared, 1% don’t know
Online access: 50% well prepared, 43% somewhat prepared, 5% not at all prepared, 1% don’t know
Mobile device(s): 22% well prepared, 63% somewhat prepared, 14% not at all prepared, 2% don’t know

Source: Economist Intelligence Unit Survey, August 2011

Developing Company Policies and Leadership

Mobility is increasingly pervasive, and organizations must capitalize on it to remain competitive in the marketplace. Organizations must take a number of steps to respond to security challenges that mobility presents:

• Make educational efforts on mobile computing a company priority. The most fundamental problem with mobile security is a lack of awareness. Yohannan believes the lack of awareness is pervasive in organizations and is not limited to users of mobile devices. Educational initiatives need to start within the organization. “We educate senior executives about security in terms they can understand,” explains Gordon. To educate users about phishing, he will show them an actual phishing e-mail used by hackers. “Our dashboard has both the simple terminology as well as the technical one, but in the future I hope it will only have one,” he says about his initiatives to educate management.

• Create comprehensive mobile security procedures. If there are no mandated security standards, or if interoperability is an issue in secure communication, companies need to set the standard internally. “There is no substitute for strong policies,” says Olson, who is constantly looking to enhance security in his organization. It is also important to make sure strong policies and standards are executed well and enforced properly. At the very least, cyber mobility policies need to address personal use, privacy, security of connection, and how to handle missing or stolen devices.

• Encourage IT departments to lead by example. IT departments are often seen by other functions as an obstacle to greater mobility because they insist on various security policies. This can encourage IT departments to resist the latest technologies before proper security is in place or to establish too many passwords to access a system. “Security teams should be enabling teams rather than disabling teams,” stresses Olson. IT departments need to suggest new mobile technologies to other functions to demonstrate that they want progress and can take the lead in implementation. To do this, it is crucial to construct explicit projects with defined targets, benefits, alternatives, costs, and budgets. It is also important to set milestones of success to manage project risk, and develop technical capabilities to assess the value that security provides.

Healthcare: Meeting Opportunities as Well as Threats

The healthcare industry has great hopes for mobile computing. It is increasingly using mobility to enhance the productivity and flexibility of its operations and to meet demands from patients. Electronic health (e-health) initiatives are the most commonly cited benefit on the horizon. These initiatives typically focus on developing electronic medical records (EMRs), which allow employees to evaluate results remotely and communicate information quickly. Telemedicine (tele-health) allows doctors to see their patients virtually and consult them at a distance. “From a security perspective, we have to look at all of this and see how we can enable it,” says Mr Olson about the future of digital healthcare.

The industry is at a particular risk from mobility given the sensitive data it handles in the form of patient records. “We are mostly targeted for the information we hold about people and identity theft is our biggest threat,” observes Mr Olson. The primary suspects, therefore, are organized crime groups, rather than nation-states or thrill-seeking hackers. Their goal is to get a name and an address they can validate with another source. “The more data they can correlate, the more value it has on the black market,” he explains.

To deal with the threat, health organizations are creating a variety of security policies. Survey results lend support to the idea that healthcare is a leader in policy development. 84% of healthcare respondents say they have a policy regarding the use of mobile devices compared to 77% in other industries. According to survey responses, the policies adopted by healthcare organizations also cover important aspects of security to a greater extent, such as privacy (89% vs 71%) and missing or stolen devices (78% vs 64%).

The most pressing problem now, according to Andrew McIntyre, CEO of Medical-Objects Pty based in Australia, is not the lack of policy, but its implementation on the end-user side, as users of technology tend to trust vendors. Even in cases where suppliers clearly understand security matters, they feel little incentive to educate end-users focused on features and functionality outside the security domain.

In addition to traditional logins and passwords, Dr McIntyre is promoting enhanced interoperability and better client-side security procedures, such as use of security tokens. “We can encrypt the transfer of data but we are stuck with a password to access it,” he says about the challenge to improve standards in the industry. “While the technology exists for client side tokens, virtually nobody uses it.”

One way in which to overcome such challenges, according to Mr Olson, is for the security team to push new products to the healthcare professionals, instruct them in their benefits, and demonstrate their use. “By doing that we are out in front of the partnership and we can control expectations and parameters of use,” he suggests.

Conclusion

The stakes associated with failing to establish proper mobile security are high. The costs associated with loss of a single customer record can be greater than a multiple of the lifetime revenues expected of that customer.

Companies also need to construct written goals with objective criteria and track successes and failures associated with mobile security. They need to demonstrate to employees and customers that the organization is committed to mobile security. They need to keep stakeholders informed about the company’s experience with mobile security issues, and monitor the impact of these efforts.

Security itself is often conceived in negative terms: data not leaked, lawsuits avoided, and authentication nuisances reduced. Once companies do these steps well, they will find that security becomes a positive value—customers and employees will become more comfortable and confident doing business with an organization known for its security leadership.
About Booz Allen Hamilton

Booz Allen Hamilton is a leading provider of management and technology consulting services to the US government in defense, intelligence, and civil markets, and to major corporations, institutions, and not-for-profit organizations. Booz Allen is headquartered in McLean, Virginia, employs more than 25,000 people, and had revenue of $5.59 billion for the 12 months ended March 31, 2011.

Booz Allen understands that cybersecurity is no longer just about protecting assets. It’s about enabling organizations to take full advantage of the vast opportunities that the ecosystem of cyberspace now offers for business, government, and virtually every aspect of our society. Those opportunities can be imperiled, however, by rapidly emerging cyber threats from hackers (hacktivists), organized crime, nation states, and terrorists. We help our clients in both business and government understand the full spectrum of threats and system vulnerabilities, and address them effectively and efficiently.

Booz Allen believes the key to cybersecurity today is integration—creating a framework that “thinks bigger” than technology to encompass policy, operations, people, and management. Through this Mission Integration Framework, organizations can align these essential areas to address the real issues, and develop cyber strategies and solutions that keep pace with a fast-changing world.

To learn more, visit www.boozallen.com. (NYSE: BAH)

About the Economist Intelligence Unit

The Economist Intelligence Unit is part of the Economist Group, the leading source of analysis on international business and world affairs. Founded in 1946 as an in-house research unit for The Economist newspaper, we deliver business intelligence, forecasting and advice to over 1.5m decision-makers from the world’s leading companies, financial institutions, governments and universities. Our analysts are known for the rigour, accuracy and consistency of their analysis and forecasts, and their commitment to objectivity, clarity and timeliness.

An Economist Intelligence Unit research program sponsored by Booz Allen Hamilton

©2011 Booz Allen Hamilton Inc.