- Mobile Flawed Externally & Internally
- Speed Prioritized Over Precautions
- Devices Themselves at Risk
- Taking on the Security Responsibility
Mobile Flawed Externally & Internally
Facebook. Yelp. Google Maps. Trulia. Instagram. Drunken Contacts. Do you have a dozen or more mobile applications on your cell phone? A study just released by IBM and the Ponemon Institute notes the surprising lack of security precautions among mobile software, a general consumer data-safety concern and business risk that they label as “mobile insecurity.”
Almost two out of every five enterprises, some of which are Fortune 500 corporations, are failing to provide appropriate protections for the phone software they design for their clients. The researchers reviewed over 400 enterprises and determined that it was standard for big business to release mobile apps with “major security flaws,” according to PCMag.
Not protecting the security of customers is one thing. Not safeguarding company-owned phones and tablets, or those within the network under a “bring your own device” policy, is another. While mobile insecurity of customer software is a problem of liability, public image, and consumer rights, mobile insecurity of the company’s internal technology raises the concern of direct intrusion by cybercriminals, as indicated by CIO Today.
Since protecting the data within an application is not a core concern of so many businesses, people who want to get inside programs can quickly reverse-engineer them, jailbreak phones, and grab whatever information they want, explains IBM security VP Caleb Barlow.
“Industries need to think about security at the same level on which highly efficient, collaborative cybercriminals are planning attacks,” he argues.
Speed Prioritized Over Precautions
It’s all too easy to believe the findings of the study. After all, we have seen:
- Russia (suspected) hack the US State Department, resulting in the email system being shut down for a weekend in November.
- North Korea (suspected) hack Sony Pictures, using a slash-and-burn, scorched-earth approach that brought the movie studio to its technological knees.
- China (suspected) hack Anthem’s completely unencrypted data trove, gathering the names, Social Security numbers, and home addresses of 78.8 million employees, customers, former customers, and non-customers.
- A criminal syndicate made up of Russians, Chinese, and Europeans (especially Ukrainians) hack into more than 100 different financial institutions, study the activities of the clerks, and seamlessly transfer money into their own hands – literally in some cases, dispensing huge amounts of cash from ATMs.
Beyond those high-profile cases, data breaches are becoming increasingly common and complex – and that’s particularly true with mobile, according to an Arzan Technologies study that estimates there is currently malware on almost 12 million tablets, smart phones, and e-readers.
The Ponemon research paper revealed that the typical enterprise forgoes security testing with more than one in every two mobile programs it engineers. One in three (33%) don’t test any of this type of software. Neglecting to properly check the apps before releasing them to the public (or for internal use) makes it easier for attackers to abscond with information. At this point, safeguarding mobile simply isn’t a priority.
“These numbers are not surprising given that 50 percent of the 400 organizations in the survey aren’t devoting any dollars to mobile security,” CIO Today reports.
As a part of the total budget, mobile is sizable. Along with big data, cloud computing, and social media, it is seen as one of the four pillars of the “third platform” that is gradually taking precedence over the PC (the second platform following the mainframe). Hence, the companies analyzed by IBM invested $34 million into mobile each year on average; but only 5.5% of those funds were dedicated to data protection.
Development is being rushed by the desire to deliver a user-friendly experience to customers. That pressure is coming from the outside and the inside. When asked why apps weren’t tested for security, the top reasons were:
- Excessively aggressive internal timetables – 77%
- Demand from clients – 65%
Devices Themselves at Risk
The way in which employees typically use their smartphones is also problematic: even if a company is employing mobile security itself, it is at risk of infection from apps made by third parties. Although more than half of business staff interact with outside software extensively, 67% of enterprises don’t have any policy to limit what apps can be used.
Recon Analytics data specialist Roger Entner said that security and privacy are not top concerns in mobile design since protection is geared toward stability and credibility rather than immediate money-making.
“It’s important to have more secure applications with privacy in mind,” argues Entner, “especially as both criminals and governments like to find out everything they can about us.”
Typically, he said, security flaws do not become apparent until user information has already been hacked. It’s up to businesses to make sure their customer information is safe, and many of them are falling short with that responsibility.
Taking on the Security Responsibility
In an age of persistent threats to a company’s security and privacy, as well as those of customers, business must concern itself not just with creating internal safeguards but also with choosing the right partners.
If you want to develop in the cloud, choose:
- An organization registered to meet the ISO 9001:2008 and ISO 27001 standards.
- Data centers audited for compliance with SSAE 16, Type II.
- A staff certified to follow the principles described within the ITIL.
All those security parameters are met by Superb.Net.
By Kent Roberts