Should We Believe the Hype?
Stephen Fast
Lead, Cyber Innovation Strategy
Cyber Innovation Division
Applied Research Laboratory
The Pennsylvania State University
saf8@psu.edu
Backdrop
• Much discussion and hype
– Real danger or paranoia
– Follow the money
• Vulnerability in antivirus software
• “Worry-free experience”: Director of Cyber
Security Technology and
Initiatives, Intel Corporation
• The customer is always right
PC trends
•
•
•
•
•
•
•
Capability ↗
Complexity ↗
Vulnerability ↗
Attacks ↗
HW costs ↗
Exploits ↘?
PCs have become more complex, more costly,
expensive with unimproved security→
opportunity for mobile devices
Trends
• Smart phones outsold PCs beginning in Q4
2010
• Smart phones, tablets, mobile devices + cloud
= more utility and advantage for most
customer applications
• Strong brand loyalty (84% Apple, 60%
Android)
• Battery longevity #1 customer complaint
Can the promise be fulfilled?
• Consumers prefer convenience over security
– 32% believe smartphone is secure, 21% believe
secure enough to make a purchase
• Mobile device attacks increasing
• Publicity war about threat
• Are we going to make the same mistake we
made for PCs for mobile?
Stakeholders
• Consumers
– 38% use mobile for payments, 18% for banking
– Fast adoption of mobile credit card readers (1000%
growth)
– Low adoption of security protection adoption for mobile
devices
– Pervasive belief mobile devices are more secure than PCs
• Lacking awareness
• Low personal experience (except marketing)
– $0 liability protection for credit cards
Stakeholders
• Banks
– $0 liability protection for credit cards → its really the
credit card companies and vendors problem
– Financial loss and liability
• Business
– Mostly driven by sensitive data leaks and business IP
concerns
– Primary drivers
• Early adopters of BYOD driven by productivity gains and
competitiveness
• Others will segregate, control or deny devices
• Competition will decide
Reasons for pessimism
• Financial incentives for carriers (managers of the devices)
– Short duration support
– Infrequent updates
– Renew every two
• Limited resources
– Battery
– Bandwidth
• May drive knowledgeable consumers to jailbreak devices
– Large malware exploit concern
• Some researchers believe mobile device security is
significantly behind PC
Reasons for Optimism
• Devices built with understanding of previous
security issues
• Wide adoption for IT cost savings
• Productivity promise for adopters of BYOD
• Financial sector to meet consumer and
business demand
• Stabilization of iOS and Android OS
• Growing awareness
Conclusions
• Unclear whether security within technological
reach
– If so, it requires serious commitment
• Align incentives
• Identify market proponents willing to invest
– Vested interest in outcome
– Compelling business case
– Proponent may not b e obvious