While Communications Service Providers (CSPs) tell their customers they are more than ‘simply' network utilities, it stands to reason that they need to provide similar levels of service to traditional utility companies such as water or energy providers.
In security terms this means offering a certain level of information protection - as has been said more than once, just as we expect water to come out of our pipes clean, so we expect the same for our information.
This doesn’t mean that the onus is entirely on the CSP, of course. Across the history of end-point security, providers and software vendors have had to work together to help protect the confidentiality, integrity and availability of data whether it is at rest on a PC, or in transit across the network.
More recently, the rise of mobile computing has seen handsets start simple and become increasingly complex, meaning that consumers are not always well prepared against potential attacks. As our Internet Security Threat Report (ISTR) illustrates, only half of the mobile subscribers have basic security measures (incl. security software) in place and also they are less careful in dealing with suspicious emails and messages compared to subscribers on PCs. Meanwhile the number of mobile users having had experience of mobile cybercrime in the past 12 months is running at 38% and rising.
As subscribers often associate their mobile devices with their CSPs, there is a huge opportunity for providers to educate their customer base and additionally offer appropriate mobile security measures, for example by bundling security services with their devices or mobile tariffs.
This has a number of benefits, from increasing customer loyalty and the stickiness of their offerings (and potentially increasing ARPU), to protecting their own networks from new threats like botnets, and reducing the risk of becoming blacklisted.
The rate of change in the market remains the biggest challenge - the bad guys can exploit both complexities inherent in the architecture and the fact that people are slow to react or adopt measures. To counter this challenge, our advice to CSPs would be to work on making things simple for consumers, on a number of fronts.
The first of course, is making any security features as transparent and manageable as possible - the user should need to do the minimum for a service to be active, and it should not get in the way of day to day activities.
Beyond this there is the question of how security products are packaged and licensed. For example CSPs can offer converged security, with flexible licensing models that work across multiple devices and operating systems (for example Windows PCs, IOS phones, Android tablets, …). Finally, marketing, selling and billing processes can be designed with security and information protection in mind, for example offering a premium service with all-in security and backup.
Mobile security has yet to reach a point where it significantly undermines consumer confidence in their smartphones (as happened with PCs in the late 1990’s). I hope it never will, but even as the risks continue to grow, the opportunity exists to deliver better security-minded services to consumers whatever devices they use and benefit as a result.