McAfee reveals mobile malware attack trends

McAfee has announced findings from new research that reveals mobile operators globally are experiencing more mobile malware attacks than ever before, and spending more time and money on recovery from these attacks.   The research found that nearly half of the operators who have experienced mobile malware outbreaks have had one within the last three months. Twice as many mobile operators spent over $200,000 on mobile security in 2006, compared to 2005.

The Informa Telecoms & Media (ITM) study, sponsored by McAfee(R), is one of the first of its kind to examine in detail mobile operators’ past experiences, current attitudes and future plans with regards to mobile security.  The research reveals that mobile operators are already feeling the impact of mobile threats on customer satisfaction and network performance and are increasingly concerned about the potential impact on their brand and the success of new revenue-generating services.

The Situation Today The purpose of the study was to discover to what extent mobile operators are affected by mobile threats. The findings revealed that:

83 percent of mobile operators questioned have been hit by mobile device infections

The number of reported security incidents in 2006 was more than five times as high as in 2005

The number of mobile operators in Europe and APAC reporting incidents affecting more than 1,000 devices more than doubled in 2006

100 percent more operators spent over $200,000 on mobile security in 2006 compared to 2005

The number of mobile operators estimating that the cost of dealing with mobile threats is more than 1000 hours increased by 700 percent

The main impact of security incidents was on customer satisfaction, a key issue in an industry still plagued by high turnover. Nearly one-third (29 percent) of operators stated that subscriber satisfaction had suffered more than any other factor including revenue. The second most serious impact from mobile malware infections was on network performance.

Establishing a Mobile Security Strategy The research clearly indicates that mobile operators are concerned with the impact of mobile security on their business. Almost 80 percent cited impact on public relations or their brand as of high concern, closely followed by the loss of credibility in the reliability of new services—a crucial issue as operators seek to increase average revenue per user (ARPU) and lifetime value in maturing markets.

Despite the fact that most mobile operators are experiencing mobile security incidents and are concerned with its future impact, the research also highlights a large gap between the kind of protection operators consider important and that which they actually deploy. Less than one-third of the operators who consider application and device-level protection important actually deploy protection at these levels. Furthermore, although fewer operators consider network level protection important, more than half deploy protection at this level.

In line with the growing importance of mobile security to service providers, 85 percent of those questioned plan to increase their mobile security budgets to tackle issues including network intrusion, mobile viruses, denial-of-service attacks, spam and mobile phishing (SMiShing.)

“This research clearly demonstrates that mobile security is moving quickly up the industry agenda with the number of malware incidents rising and more time and money being dedicated to resolving mobile security issues,” said Victor Kouznetsov, senior vice president of McAfee Mobile Security. “As mobile data use and functionality proliferates and mobile operators around the world are transforming their businesses from airtime revenue models to transaction- based and content-centric businesses, security is becoming an essential enabler for the success of new revenue-generating services.”

The research follows the recent announcement of McAfee Mobile Security Risk Management, a new, modular three-prong approach to enable mobile operators designed to help carriers create a secure framework on which to build future services.  The approach allows mobile operators to understand and mitigate security risks to their business, to protect and give peace of mind to customers, and to avoid the negative impact on their brand and business from malicious attacks.

The research was conducted by Informa Telecoms & Media between December 2006 and January 2007. An email invitation to complete the anonymous survey online was targeted at mobile operators worldwide. Respondents were also given the opportunity to participate in more in-depth follow-up interviews carried out by ITM. A series of confidential individual interviews were carried out to complement, verify and expand on the survey results. There were more than 200 responses to the questionnaire.