RSS   Newsletter   Contact   Advertise with us

Alarming findings: Mobile app developers not investing in security

Staff writer ▼ | March 20, 2015
Nearly 40 percent of large companies, including many in the Fortune 500, aren't taking the right precautions to secure the mobile apps they build for customers.
Mobile apps
Study   IBM Security and the Ponemon Institute
The study by IBM Security and the Ponemon Institute also found organizations are poorly protecting their corporate and BYOD mobile devices against cyber-attacks – opening the door for hackers to easily access user, corporate and customer data.

The number of mobile cyber-security attacks is continuing to grow. At any given time, malicious code is infecting more than 11.6 million mobile devices. The Ponemon Institute and IBM Security study, which researched security practices in over 400 large organizations, found that the average company tests less than half of the mobile apps they build.

Also, 33 percent of companies never test their apps - creating a plethora of entry points to tap into business data via unsecured devices. While these numbers may seem shocking, they aren't surprising when considering that a full 50 percent of these organizations were found to devote zero budget whatsoever towards mobile security.

Hackers are now taking advantage of the popularity of insecure mobile apps, public Wi-Fi networks, and more to break into the highly valuable data often housed on BYOD and corporate mobile devices. Further, they're also tapping mobile devices as an entry portal into an organization's broader, highly confidential internal network.

Among the organizations, each spent an average of $34 million annually on mobile app development. Of this tremendous budget, however, only 5.5 percent is currently being allocated to ensuring that mobile apps are secure against cyber-attacks before they are made available to users. A full 50 percent of companies devote no budget to security.

Tending to prioritize speed-to-market and user experience, the study found that many of these organizations scan their mobile apps for security vulnerabilities infrequently and much too late – if at all – leaving entry points which hackers are increasingly exploiting.

These holes allow cyber-thieves to gain access to confidential business and personal data through BYOD or corporate mobile devices. According to IBM X-Force research, in 2014 alone, over 1 billion pieces of personally identifiable information (PII) were compromised as a result of cyber-attacks.

During the creation of mobile apps, end user convenience is trumping end user security and privacy. According to the study, 65 percent of organizations state the security of their apps is often put at risk because of customer demand or need, and 77 percent cite "rush to release" pressures as a primary reason why mobile apps contain vulnerable code.

Of the companies that actually do scan for vulnerabilities before deploying apps to the market, only 15 percent of them test their apps as frequently as needed to be effective.


 

MORE INSIDE POST