News Feature | March 30, 2015

Ponemon Study Reveals Startling Lack of Security In Mobile Apps

Source: Innovative Retail Technologies

By Christine Kern, contributing writer

Demand for mobile apps is putting users’ private information at risk.

The pressure to release new mobile apps is so great that three-quarters (77%) of companies surveyed by Ponemon and IBM report taking shortcuts on data security to get them out, according to a press release. The increased demand for mobile apps is putting users’ private information at risk, according to a new study from Ponemon Institute and IBM.

The study, “The State of Mobile Insecurity,” found that almost 40 percent of the more than 400 organizations surveyed don’t review code for security weaknesses, and 33 percent never even test their apps before release. This gap has serious implications for cybersecurity. With servers now more secure, cybercriminals are rapidly turning to mobile apps to target their attacks. IBM points to Arxan Technologies research that shows that malicious code is infecting over 11.6 million mobile devices at any given moment.

“Building security into mobile apps is not top of mind for companies, giving hackers the opportunity to easily reverse engineer apps, jailbreak mobile devices and tap into confidential data,” said Caleb Barlow, Vice President of Mobile Management and Security at IBM. “Industries need to think about security at the same level on which highly efficient, collaborative cybercriminals are planning attacks.”

More than 1 billion personal data records were breached in 2014, with losses due to mobile fraud costing businesses $240 million annually, according to CNBC. While companies have made moves to secure their servers, mobile apps are the new weak link in the security chain.

Mobile apps are becoming a valuable way for retailers to reach shoppers in stores with beacons, and during their everyday lives with useful tools like shopping list apps. Retrofitting apps to be more secure is impossible, the study says, so retailers need to start building security into their apps at the outset to avert cybercrime, data breaches, and business disruptions. 

Ultimately, “end-user convenience is trumping end-user security and privacy” when it comes to creating mobile apps, the study noted. Sixty-five percent of organizations state the security of their apps is often put at risk because of customer demand or need, and 77 percent cite “rush to release” pressures as a primary reason why mobile apps contain vulnerable code.

In addition, vulnerabilities arise because, while most employees are “heavy mobile apps” users, their organizations don’t have policies in place for acceptable mobile app use, the study revealed. Sixty-seven percent of companies allow workers to download non-vetted apps on their devices.