The survey, conducted amongst 250 senior executives in both medium and large organizations showed that despite regularly discussing financial information (78%), employee data (66%), as well as IP (51%) and commercial secrets (50%), the majority of these conversations are unprotected despite over 80% of respondents believing mobile phones to be as vulnerable, if not more so, than e-mail communications if leaked. Of those who admitted to regularly discussing sensitive information, 80% believed, if leaked, this information would have a major impact on the organization.
In addition to other interception methods such as man in the middle scams and on-device taps, the threat of mobile voice interception has intensified recently with the cracking of encryption on GSM mobile phone calls. In December, the Chaos Computer released the GSM Codebook, a large lookup table of pre-generated GSM encryption keys which allows hackers to rapidly crack A5/1 - the encryption standard for GSM mobile phone call security. Just two weeks later, leading cryptographer Adi Shamir, published a white paper detailing a practical method for cracking the next generation of encryption standard, A5/3, in less than two hours.
"The inherent insecurities of GSM encryption have been well publicized, even though most governments and enterprises have been aware of this threat for a while," said Simon Bransfield-Garth, CEO Cellcrypt. "However, this research shows there is still confusion out there about whom, when and how people should be protected from this threat. Organizations need to start taking serious steps to consider coherent security strategies that protect multiple weak spots against attack. This work needs to start sooner rather than later as standard GSM encryption becomes unreliable and open to easier interception within the next six months."
Despite 92% of respondents considering it the organization's duty to provide employees with mechanisms to protect information or their own personal safety when travelling to high-risk areas, several admitted confusion over who was responsible, with Heads of IT, Security, Networking and Operations all being assigned responsibility**.
"Despite sometimes being viewed as something for the movies, crimes such as corporate espionage, kidnap for ransom and extortion by organized criminals can and do happen," commented Stuart Quick, Operations Manager at Henderson Risk Limited. "Mobile voice interception is one way in which these crimes can be facilitated. The increasing interception risk underlines the need for organizations to adopt a robust approach to securing these calls, especially when the senior managers in departments such as finance and legal are prime targets."
*When asked whether senior managers in key departments use voice call encryption solutions for mobile phone voice calls, the survey found that just 13.5% of financial, 17.1% of legal and 18.3% of research and development departments had solutions deployed.
**When asked who in their organization is responsible for ensuring the security/preventing the interception of voice calls, 53% responded the Head of IT, 21% responded security, 7% responded Networking and 6% responded operations.
Cellcrypt is the leading provider of technology to secure mobile voice calls on everyday smartphones. Founded in 2005, Cellcrypt's R&D innovation resulted in Encrypted Mobile Content Protocol (EMCP), an Internet Protocol (IP) based technology that optimizes delivery of encrypted data between mobile devices over wireless networks.
Cellcrypt's products are undergoing security certification to the FIPS 140-2 standard approved by the US National Institute of Standards and Technology (NIST), operate over data-enabled networks including 2G (GPRS/EDGE), 3G (HSPA, CDMA/EV-DO) and Wi-Fi½, and are optimized to run on Nokia½ Symbian and BlackBerry½ smartphones. Cellcrypt is a BlackBerry Alliance Partner and Inmarsat Connect Partner.
Today, Cellcrypt solutions are used routinely by governments, enterprises and senior-level executives worldwide. Cellcrypt is a privately-held, venture-backed company with headquarters in London, UK and offices in USA and Middle East.
For more information please visit: www.cellcrypt.com