Seventy-nine percent of organizations recently surveyed reveal their employees conduct confidential conversations over their mobile phones, yet only 18 per cent of those actually have mobile voice call security in place.
Simon Bransfield-Garth, CEO of U.K.-based voice call encryption vendor Cellcrypt, said that while a mobile device like a BlackBerry is a secure device unto itself, a voice call is not necessarily secure as it passes through a network carrier's infrastructure.
“So you have no easy way of ensuring you have end-to-end security on your voice,” said Bransfield-Garth.
The study commissioned by Cellcrypt and conducted by ABI Research polled 250 senior executives, two-thirds of whom worked in IT.
Bransfield-Garth said people have been long aware of risks surrounding data, but voice data was until now perceived quite differently. “People are just getting to the awareness now that voice calls are just another form of data,” he said.
The study also found that four out of five respondents currently believe cell phones are equally or more vulnerable to interception than e-mail. People have a similar view of the risk to voice calls and e-mails, but because e-mail has been around much longer users have some sort of protection in place, said Bransfield-Garth.
He said mobile voice call security technologies are not solid like VPN (Virtual Private Network) for e-mail “whereas voice solutions very often don't get further than 'Be careful where you use your mobile phone.'”
Much of what should go into a security policy in tandem with technology is common sense, said Bransfield-Garth, for example not conducting a confidential conversation where others can overhear it, or not leaving your mobile device lying around where someone can interfere with it.
Voice call security technology, at this point, is mainly used by senior management in a company, noted Bransfield-Garth.
Francis Ho, executive committee member of Toronto-based Federation of Security Professionals (FSP), said he hasn't observed much noise around voice call security technologies, perhaps due to a lack of awareness.
Ho doesn't dismiss the risk inherent in making mobile voice calls, but he doesn't think intercepting voice data is that simplistic either. “It requires a moderate amount of effort,” he said.
The average hacker will most likely spend time on more fun projects like writing the next virus than trying to intercept mobile voice calls because the average mobile conversation won't be the deliciously confidential kind, said Ho.
That said, a hacker could decide to target a specific individual “like Bank A pissed me off and now I'm going to follow their CEO around to see what dirt I can dig up,” said Ho.
Ho gives an analogy of the point-of-sale system where the average consumer is not deterred despite the potential for fraud loss. The same applies to the average mobile phone user who chooses convenience over risk. But Ho does note that corporate executives are not exactly average users.
“The average person isn't going to care,” said Ho.