Mobile App Security Is a Problem, Even for Fortune 500 Companies
At any one time, more than 11.6 million unique mobile devices are being infected by malicious code. Our data is appearing on more and more pieces of technology, and while some companies are doing their best to prevent your information from being stolen, the effort of other prominent players is less than stellar.
A recent IBM/Ponemon study shows that mobile application development for a high percentage of large companies—which includes some Fortune 500 members—has significant weaknesses, leaving enterprise data susceptible to theft. These apps aren’t being properly tested for security before release, putting early adopters in jeopardy.
The numbers are a bit jarring, showing just how little vulnerability testing is being done at an enterprise level. Of the four hundred large organizations polled, 40 percent aren’t properly searching for vulnerabilities within apps built for their customers. Less than half of the apps built are even tested for security flaws, which could easily result in data pilfering.
Even more surprising, 33 percent of the sampled group fail to test a new mobile app before it becomes available for download. It just hits the market, and any issues that arise are patched afterward.
The full study can be read here, with additional IBM research on security trends painting an even greater picture of the current state of the industry. The data doesn’t paint a cloud covering the entire industry too dark to peer through, but it’s obvious that security isn’t a priority at the top of everyone’s list.
“Building security into mobile apps is not top of mind for companies, giving hackers the opportunity to easily reverse engineer apps, jailbreak mobile devices, and tap into confidential data," said Caleb Barlow, vice president of Mobile Management and Security at IBM. "Industries need to think about security at the same level on which highly efficient, collaborative cyber criminals are planning attacks.”
That could be a major problem if the industry keeps trending toward putting an Internet connection in every product on the market. The Internet of Things stretches from watches to refrigerators, and that many connected products could lead to even more devices open to attack.
Half of the surveyed companies have no security budget. None. If we want to create a more connected world, that figure needs to change. Without greater vulnerability testing, it’s unlikely that consumers will ever feel comfortable downloading new apps from even the most well-known brands.
