Gautam Hazari, Technical Director, Identity, GSMA
We are in a race against time to develop defences capable of dealing with increasingly dangerous cyber threats, security experts have warned. This was the consensus among the wider mobile industry’s leading security experts at last month’s Mobile 360 Series Privacy and Security conference in The Hague. The event, which is designed to establish common approaches to solving the security issues of the day, was in large part, dominated by the severe impact of recent malware attacks, most notably WannaCry, which affected major institutions across the globe.
One of the chief concerns was the lack of global coordination in countering cyber-attacks, which according to attendees, looked increasingly capable of the threatening life and extracting money from its victims. Experts were particularly concerned that cyber attackers, after successive high-profile attacks, are becoming more emboldened, and are beginning to turn hacking on an industry. Drawing on WannaCry as an example, experts warned that, with its various payment schemes and corresponding levels of ‘customer support’, malware was adopting more sophisticated ways to force users to pay.
Speakers argued that ransomware has the potential to pose direct threats to human safety with the increase of new connected devices and services. Attendees predicted a rise in attacks that are concentrated over a very short time frame, forcing people to make payments in a very small window of opportunity to avoid damage. In such instances, connected cars, air and water quality monitors, intelligent transport systems and smart utilities are just a few things which could be targeted to devastating effect.
Yet there are ways in which such a situation can be avoided or mitigated. The first step involves industry-wide acceptance of the logic that, ‘we are only as strong as the weakest link’, and that companies should therefore share best practices and make each other aware of security flaws when they become apparent. Telefónica, for example, stressed the importance of transparency when dealing with cyberattacks; sharing information and being honest with customers is the best way to alert others to security threats and retain consumer trust, respectively.
Many agreed that raising awareness of security and privacy should be a crucial part of any strategy to reduce attacks. There was agreement that the onus was on the industry to educate consumers, yet to do so in such a way which accepts that they could not be expected to take long, complex steps to improve their security. General awareness could also be raised by governments and regulators taking a more positive approach to educating its citizens, particularly through passing regulation which sets minimum standards for security and privacy.
To this end, the event also hosted a debate on the EU’s new incoming General Data Privacy Regulation (GDPR), designed to give user’s more control of their data. Here, experts were keen to highlight that, before implementation, the industry should take steps to ensure that it could work with the fast pace of change of digital identity.
Many experts argued that the industry needed to work closely with regulators to make sure as many companies as possible were GDPR compliant and that they could fulfill GDPR’s aim to protect consumer privacy by ensuring they share information according to what the consumer has allowed.
For more information on how Mobile Connect can be used to protect users’ data, please visit gsma.com/mobileconnect