Staggering Statistics Show 40% of Large Enterprises Do Not Secure Their Mobile Apps
It was announced today that almost 40% of large companies, including many in the Fortune 500, do not take the necessary precautions to secure the mobile applications which they build for their customers.
Derived from a study recently conducted by IBM Security and the Ponemon Institute, the alarming findings also included a trend demonstrating that organisations are poorly protecting their corporate and BYOD mobile devices against cyber attacks, which is opening the door for hackers to easily access user, corporate and customer data.
The research, which involved security practices in over 4,000 large organisations operating in industries which work with highly sensitive data (including financial services, health and pharmaceutical, the public sector, entertainment and retail), revealed that the average company tests less than half of the mobile apps they build. Additionally, a shocking 33% of companies never test their apps, which creates innumerable entry points for cyber attacks on business data through unsecured devices.
Perhaps the biggest concern to surface from the study was that 50% of these organisations were found to devote zero budget whatsoever to their mobile security efforts.
The organisations surveyed each spent an average of $34 million annually on mobile app development. However, only 5.5% of this budget is currently being allocated to ensuring that mobile apps are secure against cyber attacks prior to being made available to users.
"Building security into mobile apps is not top of mind for companies, giving hackers the opportunity to easily reverse-engineer apps, jailbreak mobile devices and tap into confidential data," said Caleb Barlow, Vice President of Mobile Management and Security at IBM. "Industries need to think about security at the same level on which highly efficient, collaborative cyber criminals are planning attacks. To help companies adopt smart mobile strategies, we've tapped the deep security expertise of IBM Security Trusteer, bringing what we've learned from protecting the most sensitive data of complex organisations, such as top global banks, and applying it to mobile."
Malicious hackers are reportedly taking an increasingly vigilant approach towards finding mobile apps which aren't secure, as well as taking advantage of public Wi-Fi networks, to break into the highly valuable data often housed on BYOD and corporate mobile devices. Organisations must also deal with hackers attempting to tap into mobile devices as entry portals into their wider, and far more sensitive, internal networks.
It was determined that organisations tend to prioritise speed-to-market and user experience, and that many of these organisations scan their mobile apps for security vulnerabilities infrequently, and much too late, if at all. This is reflected in the fact that 65% of organisations stated the security of their apps is often put at risk because of customer demand or need, and 77% cited a 'rush to release' as a reason for why mobile apps contain vulnerable code.
In relation to their research, IBM has introduced a mobile threat management (MTM) technology into its IBM MobileFirst Protect offering, using advanced cyber-threat and intelligence technology to automatically detect suspicious activities on mobile end-points, and prevent malware the moment a device is breached.
Considering that the number of mobile cyber security attacks is continuing to grow due to BYOD and the use of vulnerable apps, and that at any given time malicious code is infecting more than 11.6 million mobile devices, it is clear that enterprises must increase their efforts significantly to ensure their information is secure.
Security threats can be just as sophisticated and advanced as the enterprise technologies they target. Therefore, regardless of the solution, mobile security must be an inherent and highly prioritised component of an organisation's mobile strategy, and sufficient measures must be in place to protect corporate data.