According to a research called “The Impact of Mobile Devices on Information Security” published by Check Point® Software Technologies Ltd., the number of mobile devices connected to corporate networks doubled in 2010-2011. Half of these devices contain confidential information.

The management of 70% of the surveyed companies are confident that it is the use of mobile devices that results in the increased number of data leaks. This mostly happens when devices containing corporate emails (80% of cases), client databases (around 50%) and corporate passwords (around 40%) get lost or stolen.

Corporate users are actively embracing mobile devices and services, thus creating a lot of problems for IT experts responsible for the security of corporate data. Modern standards do not cover new security threads, and yet it’s not reasonable to completely stop using mobile devices, since they give users a number of advantages that boost their performance and provide them with quick and convenient mobile access to corporate resources.

Check Point report highlights:

• In 94% of companies, the number of mobile devices connected to corporate networks has increased.
• In 78% of companies, their number has more than doubled over the past two years.
• The most popular mobile platforms used in corporate networks are:

1. Apple (30%)
2. BlackBerry (29%)
3. Android (21%)

• 43% of companies believe that Android-based devices pose a serious threat to their information security.
• The key threats undermining information security are:

1. Lack of knowledge in the information security field among corporate users (over 70%).
2. Use of mobile devices for web browsing (61%)
3. Use of unprotected wireless connections (59%)
4. Device loss of theft (58%)
5. Downloading of malicious software to mobile devices (57%).

Chaos Computer Club (CCC), a Germany-based hacker group, published a proof of the use of spyware by the government, which resulted in a serious scandal on the highest level.

The spyware mentioned in the publication was found on a laptop that belonged to a person who was suspected of illegal export of pharmaceuticals. The program was allegedly installed during a customs inspection at an airport.

This program captures the URL’s of visited websites and email communications and then sends the collected data to a remote server, presumably outside the country. Besides, it allows the operator to upload and launch any applications on a remote computer.

Joachim Hermann, the Minister of Interior of Bavaria, confirmed that state authorities in this land had been using spyware since 2009, but refused to provide specific examples. In his opinion, this practice in not in breach of any laws, although this issue is subject to further discussion. Authorities from three other lands (Baden-Württemberg, Brandenburg and Niedersachsen) also confirmed that they had been using similar software.

In response to the furious public reaction, some high-profile authorities were forced to provide comments on the situation.

Germany’s Minister of Justice, Sabine Leutheusser-Schnarrenberger, and Chancellor Angela Merkel demanded that a thorough investigation of the incident be conducted. The result of this investigation should be a mechanism aimed at protecting the citizens’ rights to privacy.

Therefore, Germany’s laws related to the use of spyware may change considerably in the nearest future.

According to a research conducted by the Internet Development Fund, children in Europe and the NIS states usually know more about the Internet than their parents do.

From the one hand, this is a positive and logical thing. From the other hand – we don’t really know how children understand the basics of online security. Regular incidents involving Internet fraud and harassment prove that the problem is very real and the level of online threat awareness among teenagers is very low.

You can try to shield your kids from such threats in many ways, but you must be ready to face the fact that an Internet-savvy teenager won’t have any problems finding a workaround. And that is why you, as a parent, will have to explain the basics of online security to them.

Google has published a guide for parents and teachers that explains how online dangers can be avoided and how the rules of online conduct can be efficiently communicated to minors. All of these materials have been published as “Family Safety Center”.

The guide contains articles written by Google and other companies working on the problems of online security for children.

However, we should not forget than no technology, even the most advanced one, will ever be able to replace parental control and proper upbringing.

Karsten Nohl, a German network security and cryptography expert, announced the discovery of a relatively simple technique of intercepting and decrypting data transmitted over the GPRS protocol.
His team also discovered that many mobile carriers use a low-security variant of GPRS, while some of them disable GPRS traffic encryption altogether.
There can be two reasons behind such ignorant attitude of mobile carriers to the security of their clients’ data:

• An attempt to save on equipment required for proper data protection.
• Deliberate disablement of data encryption for retaining access to clients’ data.

Karsten Nohl claims that his discovery is far from being theoretical: his team was able to capture and decrypt data in T-Mobile, O2 Germany, Vodafone and E-Plus networks. What made matters worse was that they did not have to use cumbersome equipment (they used a reflashed Motorola C-123 phone) or expensive software (they only used publicly available freeware). Even in this case, they managed to capture data in the radius of 5 km.
The details of this technique have not been published yet to avoid damage to the clients of cell phone companies. The research group believes that it’s high time that mobile operators did their homework and configured their GPRS gateways and checked all cryptographic systems, as the methodology they followed will be made public shortly.
However, Russian operators were quick to react: according to “The Big Three” (Beeline, Megafon, MTS), they don’t see how this could jeopardize their clients’ security and suggest using better-protected technologies, such as 3G.

Companies working in the internet security business have been conducting annual research for several years on data protection in organisations. Their reports show that fro 2008 to 2011 the situation has changed significantly. Theft and leaks of secret information have massively increased.

At the same time hackers are attacking corporate web sites more often, successfully stealing company secrets. There are specific reasons for this.

1. Data is saved on devices difficult to make secure.

With the development of mobile technologies and wireless communication systems employees of large companies are becoming more interested in accessing their work information using mobile devices (telephones, smartphones, tablet computers, laptops). It is extremely difficult to protect such devices from even simple theft, even though they often contain important corporate information.

2. Workplace remote access systems.

These are becoming more popular, and they are much simpler to break into than internal closed corporate networks.

3. Use of cloud services for storing information.

Corporate cloud systems often lack the necessary security and there is a high risk of losing information stored there. In addition such systems are often located outside the reach of company specialists (hosting in other countries), which makes it harder to organise the appropriate security measures.

4. High demand for corporate data.

The significantly increased demand and high cost of such services encourages hackers to attack company networks. Hackers can easily sell stolen marketing statistical data or development codes for new software at a high price.

5. Incorrect response to discovered vulnerabilities.

In many cases companies do not even realise that information has been stolen. Moreover, only half of companies who discover information leaks try to restore and improve their security system. Only 30% turn to network security consultants and experts.

Experts recommend, as a precautionary measure, that companies strictly control the staff members who have access to secret information.

It is necessary that mobile devices are carefully controlled with, at the very least, password protection.

Information on internal computer systems (and also the stored information) should not be given to people who have no relation to the company’s security services.

This conclusion was made by Microsoft after an extensive international research that analyzed the behavior of users online and their perception of online security. Users from over 20 countries, including Russia, took part in the research.

According to this study, only 36% of Russian users fully recognize the importance of keeping their browsing history confidential, but over 63% are confident that the Internet must be safe.

The results are slightly different on the global scale, but the figures as still in the same brackets. Users called page loading times, user-friendliness of browsers and privacy the next most important aspects of comfortable Internet surfing after security and protection from viruses.

Around 60% of all users would not want anyone else to have access to their browsing history, and 20% are afraid of this actually taking place.

The sites that users would not want seen in their browsing history are mostly online banking sites and porn sites.

McAfee, Inc. has published research on how aware companies are of risks associated with computer security. This report shows that almost half of the organisations do not have a reliable defence against such risks, or do not know anything about them at all. Only 20% of companies have confidence in their IT security provisions.

Despite the fact that a large number of programs have appeared this year which analyze IT security of corporate networks and check compliance management, they have not been very popular. Corporate users prefer integrated solutions to narrowly specialised products.

Due to changes in legislation the need for security policy compliance is an issue for 75% of companies, while 10% have already received fines. Databases containing personal information have caused the greatest problems, so they have received the greatest attention.

“Organizations are under increasing pressure to protect customer information and privacy, as well as their own sensitive business information, driving the need for a strong focus on risk and compliance management. As the results of this study show, companies recognize the need to improve risk management through better identification of threats, vulnerabilities and countermeasures, as well as the need to improve policy compliance through more automation of IT controls,”

said Stuart McClure, senior McAfee vice president.

According to researches, the number of users affected by cybercrimes in 2010 dwindled by nearly 30% and reached 8 million, which is 3 million fewer than in 2009.

However, despite the decline in the number of victims, the actual damage was much more substantial. This happened due to the fact that attackers used much more intricate and modern techniques with a purpose of inflicting maximum damage and making as much profit as possible on every intrusion.

Old methods, like theft of credit card details and one-time cashing of the stolen money, are rarely used these days, since they are easy to track down. Attackers are using increasingly complex and hard-to-detect schemes. For instance, a fraudster can steal your personal data, open a new bank account, take a bank loan or get a new credit card to cover his tracks…

The calculated value of an average damage per user explains the research results: it grew by 63% to $630 in the period of 2009 to 2010.

According to a research by Javelin Strategy, the growth of retail sales entails a decline in cybercrime rate. The experts who discovered this correlation believe that the rather bad results for 2010 are directly related to the consequences of the global economic crisis.

The recruiting company HeadHunter carried out research in 2010 where they questioned 1600 employees of Russian companies on information security.

The research showed that the management of most companies worry about this issue: 75% of companies have strict rules on working with internal information and the larger the staff the stricter these rules are.

• The management of more than 30% of companies had experienced information leaks.
• More than 30% of those employees questioned know that their personal correspondence and blogs are monitored.
• 68% of those questioned admitted signing agreements on information disclosure on joining their company.
• 52% are aware that special software tracks their computers and 24% that memory sticks are banned.

Despite this, 51% of those questioned believed that they could tell one of their friends or relatives office secrets, while 30% have already done so. Among those questioned were also people who had passed on secret information to competitors.

According to the data from this research, the presence of a company security service makes almost no difference.

The analytics company InfoWatch, which has gathered statistics on information leaks since 2004, estimates the loss due to leaks in 2010 at $200 million. Their statistics show that the internet was the third major source of information leaks after mail and various mobile, data storage and paper media.

It is also interesting that, according to InfoWatch data, that the most popular method, blocking staff access to social networks, does not in any way correlate to the probability of information leaks.

ChildWise, a British research agency, has published a report based on surveys completed by two thousand kids aged 5-16 from 92 different schools.

The report clearly states that various Internet-enabled devices are gradually becoming a sort of “virtual nanny” and Internet is becoming the children’s playground.

The Internet is steadily replacing television that has been playing this role for years.

The following figures from the report appear to be quite interesting:

• School-aged children spend less time every week on doing their homework than on using their computers.
• Around 97% of schoolchildren aged 11-16 have a personal cell phone (89% for adults and 30% for 8-year-olds).
• Most of them use their phones for going online.
• Around 60% of children aged 11-16 have a computer and a TV set and 50% of them have permanent Internet access.
• These kids spend their free time in social and torrent networks and on video portals.
• Over 30% of kids aged 7-10 use social networks, although it’s only legal for children aged 13 and above.
• 30% of the respondents have a personal blog and 62% have a profile in a social network.
• Children with Internet access spend an average of 1.7 hours online every day, slightly more on watching TV and just as much time on playing computer games.

Doctor Emma Bond, a child development expert, believes that it’s high time for many parents to re-evaluate the situation, restrict access to television and websites and start educating their children on their own. She also added that “school-aged children also use cell phones for sexual development by using them as a means of establishing intimate contacts with each other”, which is an important element of the personality formation process.