Should We Believe the Hype?

Stephen FastLead, Cyber Innovation Strategy

Cyber Innovation DivisionApplied Research Laboratory

The Pennsylvania State Universitysaf8@psu.edu

Backdrop

• Much discussion and hype– Real danger or paranoia– Follow the money

• Vulnerability in antivirus software• “Worry-free experience”: Director of Cyber

Security Technology and Initiatives, Intel Corporation

• The customer is always right

PC trends

• Capability ↗• Complexity ↗• Vulnerability ↗• Attacks ↗• HW costs ↗• Exploits ↘?• PCs have become more complex, more costly,

expensive with unimproved security→ opportunity for mobile devices

Trends

• Smart phones outsold PCs beginning in Q4 2010

• Smart phones, tablets, mobile devices + cloud = more utility and advantage for most customer applications

• Strong brand loyalty (84% Apple, 60% Android)

• Battery longevity #1 customer complaint

Can the promise be fulfilled?

• Consumers prefer convenience over security– 32% believe smartphone is secure, 21% believe

secure enough to make a purchase• Mobile device attacks increasing• Publicity war about threat• Are we going to make the same mistake we

made for PCs for mobile?

Stakeholders

• Consumers– 38% use mobile for payments, 18% for banking– Fast adoption of mobile credit card readers (1000%

growth)– Low adoption of security protection adoption for mobile

devices– Pervasive belief mobile devices are more secure than PCs

• Lacking awareness• Low personal experience (except marketing)

– $0 liability protection for credit cards

Stakeholders

• Banks– $0 liability protection for credit cards → its really the credit

card companies and vendors problem– Financial loss and liability

• Business– Mostly driven by sensitive data leaks and business IP concerns– Primary drivers

• Early adopters of BYOD driven by productivity gains and competitiveness

• Others will segregate, control or deny devices• Competition will decide

Reasons for pessimism

• Financial incentives for carriers (managers of the devices) – Short duration support– Infrequent updates– Renew every two

• Limited resources– Battery– Bandwidth

• May drive knowledgeable consumers to jailbreak devices– Large malware exploit concern

• Some researchers believe mobile device security is significantly behind PC

Reasons for Optimism

• Devices built with understanding of previous security issues

• Wide adoption for IT cost savings• Productivity promise for adopters of BYOD• Financial sector to meet consumer and

business demand• Stabilization of iOS and Android OS• Growing awareness

Conclusions

• Unclear whether security within technological reach– If so, it requires serious commitment

• Align incentives• Identify market proponents willing to invest

– Vested interest in outcome– Compelling business case– Proponent may not b e obvious