A full 63% of Americans said that they did not regularly use or update passwords on their mobile devices, according to the Unisys Security Index survey.
“As millions of consumer devices such as mobile phones continue to penetrate the workplace, the survey’s finding on consumers’ inattention to securing mobile devices should serve as a wake-up call for consumers and enterprises to actively pursue measures to protect the information exchanged with and residing on these devices”, said Mark Cohn, vice president of enterprise security for Unisys. “Enterprises, as well as the manufacturers of mobile devices, should take steps to ensure that sensitive data protection is enabled by default and is as simple and convenient as possible.”
In an interview with Infosecurity, Steve Vinsik, vice president for critical infrastructure protection at Unisys Federal Systems, offered a more sanguine view of consumers’ lack of interest in mobile device security.
“This result can be seen in a number of different ways. One, the mobile device is just a tool to get into the application that they use on the internet; these applications have user names and passwords. So consumers do not see these devices as a place to store their secure information, but more as a portal to access their personal information online, and that’s where they have the stronger passwords,” Vinsik observed.
Two, more people are bringing their personal mobile devices into the corporate enterprise, where security concerns are higher, he said. As a result, the enterprise is imposing information security measures on these mobile devices as a requirement for use in the corporate environment.
“As an enterprise, I can institute a password policy requirement on that mobile device. If an employee wants to get on my network, I’m going to require that they have a digital certificate and a complex password. So, are we concerned that a large part of the public doesn’t want to have passwords on their mobile devices? No, we don’t see that as a big security concern. We see it more as a question of how they want to use the device”, he observed.
In another noteworthy survey result, 61% of Americans favored giving the US president the authority to shut down portions of the internet, a so-called kill switch. “Our survey shows that the American public recognizes the danger of a cyber attack and wants the federal government to take an active role in extending the nation’s cyber defense”, said Patricia Titus, Unisys chief information security officer. “It will be up to officials in all branches of the federal government to respond to this call to action in a way that is measured and well planned.”
Congress is currently considering legislation that would significantly expand the president’s powers in the area of cyber defense, including the authority to declare a state of emergency and shut down industrial networks and parts of the internet. However, no action is expected on the legislation until after the mid-term elections.
Vinsik noted that the president already has the power to shut down the telecommunications network under the Communications Act of 1934, as amended in 1996, in case of emergency or war. “The authority is already there. The debate is whether that authority should be used for the internet,” he said. “The concept is a great idea, but the substantiation and deployment of it raises a number of issues, such as economic impact and privacy concerns”, he added.
The biannual Unisys Security Index surveys consumer opinion in four areas of security: financial, national, internet, and personal safety. More than 1000 Americans responded to the latest survey. The results are tallied on a scale of 0–300, with 300 representing the highest level of concern.
In the latest survey, the overall score for the United States was 136, a dramatic decline from the 147 posted in the February 2010 survey, reflecting a decrease in concern across all four areas of security.
National security and financial security continued to rank as the US public’s greatest areas of concern, with more than half (59%) “extremely” or “very” concerned about US national security. In addition, 57% of Americans were seriously concerned about identity theft, and the same percentage was also seriously concerned about credit card and debit card fraud.
American’s fear surrounding internet security continues to be on the decline with the number of Americans “not concerned” about computer security in relation to viruses or spam increasing to 34%, the greatest number since the Index’s inception. The most dramatic decline was reported in those “seriously concerned” about the security of shopping or banking online, from 43% in February 2010 to 34% in August 2010.
The survey is conducted in 11 countries, involving more than 10 000 consumers worldwide. According to the global results, security concerns were highest in Brazil, which reported an overall index score of 185, closely followed by Hong Kong with a score of 172. The Netherlands reported the lowest level of concern with an overall score of 71.