Smartphone usage expected to reach 1.91 billion globally this year, mobile applications are going to become more important than ever. More and more companies are looking at ways to leverage the mobile platform, creating newer and more innovative apps to connect with their customers. Even ones that have not invested in creating large scale business apps are today extensively using mobile devices to exchange information or communicate with their suppliers, distributors or end customers.
The mobile revolution has certainly created more avenues for businesses to reach out, exchange information and ensure faster delivery of services. However, the mobile platform has also created new security challenges for organizations and these challenges are will continue to evolve with advancement in technology.
The security threats are not just restricted to large corporate giants, but even the small and medium businesses are facing the wrath of the mobile targeted attacks. Increased vulnerabilities and security loopholes have created huge pandemonium amongst organizations and security professionals. With mobile security becoming so critical, enterprises will have to focus their energies on safeguarding their data and fortifying mobile applications.
Here are some important reasons why every business should be worried about mobile application security:
Irregular Scanning of Mobile Apps:
Industry reports suggest that 40 per cent companies do not scan their mobile app code for vulnerabilities. From a business point of view, mobile applications have vulnerabilities that can be exploited to breach into the app server. Such hacking through the mobile puts both company and its customers at risk.
Mobile Malware and Unregulated Systems:
Last year mobile malware and botnets emerged as the biggest threats, especially for Android. According to a report published in Forbes, 97% of all mobile malwares target Android phones, a large chunk of which comes from unregulated app stores. Attackers often replicate or repackage official app store apps to inject malware and then roll it out through third party sources.
Frequent Updates, No Assessments:
These days most companies update their apps regularly, at least once a month, to be able to stay ahead of competition and provide the best user experience to their customers. However, these frequent updates also bring in new risks that most companies fail to foresee. Every new line of code is a potential risk and there should be regular scanning to prevent such security threats.
Lack of Proper Standards & Testing:
Software developers and engineers rarely think that their code can be vulnerable, but with tight deadlines and no security testing standard to comply with, there could be security loopholes at every stage of development. From undesired, insecure permission requests to malware instances, everything needs to be tested at every stage of development.
Poor Encryption & Data Leakage:
Eavesdropping or snooping around the information during communication through internet is one of the most popular breach techniques. Even veteran CISOs overlook the importance of encrypted communication, which leads to sensitive data leakage. Reports indicate that about one billion personal data records were compromised in 2014 affecting 11.6 million mobile devices.
Insecure Data Storage:
It’s comparatively easier to breach data on weakly encrypted or jail-broken mobile devices. Most people who extensively use mobiles for business purposes end up storing a lot of critical business information on these devices, without taking adequate measures to protect that data. Such security lapses lead to stealing of authentication info, usernames, cookies, passwords and can have serious repercussions. Studies indicate that last year about 60% of the mobile malware specifically targeted financial info.
IT security systems need to evolve in line with the increasing threats that are emerging on the security landscape. A variety of solutions are available on May 21, to help prevent mobile breaches and most importantly safeguard sensitive data stored on different mobile devices. Organizations need to opt for solutions that can offer a holistic approach towards fighting these threats. Security providers are coming up with advanced solutions with inbuilt capabilities and security intelligence to detect different kind of vulnerabilities and malware across multiple operating systems and devices and provide ‘total application security’ for organizations.
By Ashish Tandon, Chairman and CEO of Indusface
