A new survey from ABI Research on behalf of Cellcrypt shows that a majority of large and medium U.S. businesses are failing to adequately protect themselves against the growing threat of mobile voice call interception. This leaves them vulnerable to loss of sensitive and confidential corporate information.
Businesses clearly recognize the threat of cell-phone interception; three-quarters of the surveyed corporations have a security policy covering cell-phone calling and four out of five IT professionals surveyed believe that cell phones are equally or more vulnerable to interception than e-mail.
Yet, the research shows that while mobile phones and e-mail are both used routinely to communicate confidential information – with 79 percent of organizations that discuss sensitive or confidential information over mobile doing so at least weekly and half doing so daily – only 18 percent have explicit mobile voice call security solutions in place.
Research has shown that data loss can have a major impact on market capitalization, reducing it by as much as 5 to 10 percent, as well as resulting in lawsuits for senior executives, severely damaging their reputation.
The growing problem was highlighted in August, when German hackers announced a project to create a code table that cracks the encryption of GSM mobile calls, used in 80 percent of the world’s cell phone calls. This codebook is planned to be freely available within the next six months, and significantly lowers the bar for everyday hackers to crack GSM calls using only a high-end laptop.
One alarming fact emerging from the survey was that 55 percent of respondents in IT roles thought that their organization had implemented mobile voice call encryption solutions, but on further investigation, only 18 percent had actually done so.
“Effective email security has become routine but our research shows most businesses do not apply anything like the same level of robust security to cell phone calls. Companies that do not respond are exposing themselves to attack,” said Stan Schatt, vice president and practice director, Healthcare and Security, ABI Research.
Security of mobile voice calls is not limited to interception of radio waves between a cell phone and a base station mast; interception risks occur at various segments along a call path which may involve multiple network operators in a variety of countries each having a different level of security measures and risks.