There was a strong focus on security, especially for mobile devices, at this year’s annual technology summit held by JP Morgan in London earlier this month. The industry needed “a fundamental shift in thinking” to protect a company’s data and assets, the summit was told.

Angus Burden, head of IT risk management for EMEA region at JP Morgan, said that preventative security controls, rather than detective, had more positive economic value for a firm, delivering requirements early rather than late.

JP Morgan is one of 19 financial services companies that use the Building Security in Maturity Model (BSIMM), which offers third-part assessments of the maturity of an organization’s software security practices and capabilities against composite organizations. There are 62 companies in total in BSIMM-4. Burden said this had provided useful information across the four domains of governance, intelligence, SSDL touch-points and deployment.

The proportion of internet traffic through mobile devices overtook that through desktop computers around the start of 2012. Mobile traffic is still rising and desktop traffic falling.

Burden said there were three dimensions of mobile application risk: application development, software distribution and device configuration. According to an evaluation by technology research company Lacoon in Israel, 67 per cent of 1000 mobile devices were found to contain some form of spyware.

Using ‘Cell Phone Spy’ software application is one of the most popular ways of ending up and validating suspicions to the activities of someone being monitored.

Authentication architecture for mobile devices in the future will use additional information such as voice recognition, facial recognition, GPS location and biometrics (such as finger prints).