App Developers Fall Short in Mobile Security
Recent research from IBM Security and the Ponemon Institute disclosed a major lack of mobile security – according to the results, almost 40% of large companies aren’t taking the necessary measures to protect their mobile apps.
The Ponemon Institute and IBM Security study, which looked at security practices in more than 400 large organizations, found that mobile cybersecurity attacks have continued, with malicious code infecting more than 11.6 million mobile devices. According to IBM X-Force research, cyber-attacks compromised more than one billion pieces of personally identifiable information in 2014 alone.
The organizations studied (40% of which are Fortune 500 companies) operate in industries that work with highly sensitive data, including financial services, health and pharmaceutical, the public sector, entertainment and retail.
Meanwhile, the research revealed that the average company tests fewer than half of the mobile apps it builds. Also, 33% of companies never test their apps, creating a flood of entry points for tapping into business data via unsecured devices. And 50% of these organizations were found to devote no portion of their budget whatsoever toward mobile security.
The study also disclosed organizations are protecting their corporate and BYOD mobile devices poorly against cyber-attacks, opening the door for hackers to easily access user, corporate and customer data.
The organizations studied each spent an average of $34 million annually on mobile app development. Yet only 5.5% of that currently goes to ensuring mobile apps are secure against cyber-attacks before their release.
The report also revealed developers tend to focus more on speed-to-market and user experience. Many of these organizations scan their mobile apps for security vulnerabilities infrequently and much too late, if at all, the study said, leaving entry points that hackers are increasingly exploiting. These holes allow cyber-thieves to gain access to confidential business and personal data through BYOD or corporate mobile devices.
A different report released by the Ponemon Institute found that the average total cost of cyber-protection for financial services firms was $20.8 million in 2014. According to the report, only the energy/utilities and defense sectors spent more than that last year on cybersecurity, with averages of $26.5 million and $21.9 million, respectively. Out of 14 industries, the health care sector saw the second-lowest investment in cybersecurity, with an average spend-per-organization of $6 million in 2014.
Corporations are not the only ones that tend to be blasé regarding security – according to a recent study commissioned by Trend Micro Incorporated and conducted by Ponemon, a slight majority of consumers believe the benefits of the Internet of Things (IoT) outweigh privacy concerns. However, 75% feel they do not have any control over their personal information. In addition, the majority of consumers who identify themselves as “privacy sensitive” will not change their behavior or information-sharing practices even if they experience a data breach.