Users have to be careful about the apps they download and the links they click on.
There are more mobile phone connections in the world than the population. Each of them needs a security cover in the same manner that organisations offer to their computers and digital systems.
The latest insights from GSMA Intelligence point to a total of 5.60 billion unique mobile subscribers around the world today, which equates to 69.4% of the total population. Mobile phone adoption increased by 2.7% over the past year, with the addition of 145 million new users.
Internet user figures have grown by 3.7% over the past year, to reach 5.30 billion in October 2023. This figure equates to 65.7% of the world’s population, although delays in reporting mean that actual internet penetration is likely higher than these figures suggest.
Protecting each device is no longer an option but has become the urgent need of the hour. Mobile device holders are citizens, consumers and employees. In each of these roles, their data is being used or relayed via their mobile devices.
The mobile users’ population is set to grow consistently in the next few years. While many of these will be digital natives, most others will be part of the digital mainstreaming, which is bringing telecom access to first time users.
Both these categories need protection. With even experienced mobile device users being tricked and scammed, the need to inform, educate and protect new users of mobile device becomes a global imperative.
While awareness about data security is rising, it is still difficult to pin accountability for data breaches.
In the normal course of life, users share data about their finances, health, residence, travel and activity without realising it. A mobile device records and shares it with various apps unless certain safeguard settings are put into place. Even with safeguard settings, a mobile device is vulnerable to many types of attacks and hacks.
The key question is about accountability. Who should a user hold responsible for a data breach? The device maker, the connectivity provider, the app creator, the information database manager? For government services where personal identity is linked to bank, digital wallets, airport entry services, tax portal, health insurance, the questions become even larger.
While India is placing a data protection law in place, the challenges of providing security go beyond the law. India will need constantly evolving cyber security technology to protect consumers and citizens. For every category of data which is kept in various institutions, there will have to be clear accountability.
In 2023, the World Economic Forum for the first-time ranked cybercrime and cybersecurity as one of the top ten global risks, over both a 2-year and 10-year period. According to estimates from Statista’s Cybersecurity Outlook, the global cost of cybercrime is expected to surge in the next five years, rising from $8.44 trillion in 2022 to $23.84 trillion by 2027.
Mobile industry body GSMA says that the 5G networks are more secure. “5G has designed in security controls to address many of the threats faced in today’s 4G/3G/2G networks. These controls include new mutual authentication capabilities, enhanced subscriber identity protection, and additional security mechanisms. 5G offers the mobile industry an unprecedented opportunity to uplift network and service security levels,” a GSMA assessment says. But it agrees that many challenges remain. “5G provides preventative measures to limit the impact to known threats, but the adoption of new network technologies introduces potential new threats for the industry to manage.”
The recent reports of attempts to hack Apple phones in India and globally has become a reminder for everyone to improve their personal device security.
Apple makes an effort to send alerts to people if their phone is being targeted. In the recent case in India several alerts were sent. Even the government agency for cyber security sent advance alerts in October. “Multiple vulnerabilities have been reported in Apple products which could allow an attacker to access sensitive information, execute arbitrary code, bypass security restrictions, cause denial of services conditions, bypass authentication, gain elevated privileges and perform spoofing attacks on the targeted system,” CERT-In had said in its advisory.
No mobile maker can say that their devices are fool proof. Part of the responsibility also lies on the users. They have to be careful about the apps they download and links they click on. Sharing OTPs or passwords is still a problem even though the awareness has increased.
From a regulatory perspective, policymakers will have to ensure that people’s data is saved securely. Private sector companies that make hardware and companies that offer app based or online service also store data. They have to be made accountable for storing, saving and protecting data. This is a constant fight against hackers and criminals. No one can afford to be casual about it anymore.
Pranjal Sharma is the author of The Next New: Navigating the Fifth Industrial Revolution.