Nearly 40% of large companies, including many in the Fortune 500, aren't taking the right precautions to secure the mobile apps they build for customers, according to findings from IBM Security and the Ponemon Institute. The study, "The State of Mobile Application Insecurity," also found that organizations are poorly protecting their corporate and BYO mobile devices against cyber-attacks, opening the door for hackers to easily access user, corporate and customer data.

The number of mobile cyber-security attacks is continuing to grow. At any given time, malicious code is infecting more than 11.6 million mobile devices. The average company tests less than half of the mobile apps they build, 33% of businesses never test their apps and 55% were found to devote zero budget whatsoever towards mobile security.

"Building security into mobile apps is not top of mind for companies, giving hackers the opportunity to easily reverse engineer apps, jailbreak mobile devices and tap into confidential data," said Caleb Barlow, Vice President of Mobile Management and Security at IBM. "Industries need to think about security at the same level on which highly efficient, collaborative cyber criminals are planning attacks."

Alarming Security Flaws

The Ponemon Institute unveils an alarming state of mobile insecurity. Hackers are now taking advantage of the popularity of insecure mobile apps and public Wi-Fi networks to break into highly valuable data often housed on BYOD and corporate mobile devices. They're also tapping mobile devices as an entry portal into an organization's broader, highly confidential internal network.

The study also found major security flaws in the ways in which most organizations build and deploy mobile apps for their customers. The companies studied, of which 40% are Fortune 500 companies, operate in industries which work with highly sensitive data—including financial services, health and pharmaceutical, the public sector and retail. In addition, each business spent an average of $34 million annually on mobile app development. Of this tremendous budget, only 5.5% is currently being allocated to ensure that mobile apps are secure against cyber-attacks before they are made available to users—compared to 50% who devote no budget to security.

Convenience Over Security

Tending to prioritize speed-to-market and user experience, many of these organizations scan their mobile apps for security vulnerabilities infrequently and much too late – if at all – leaving entry points which hackers are increasingly exploiting. These holes allow cyber-thieves to gain access to confidential business and personal data through BYOD or corporate mobile devices. According to IBM X-Force research, in 2014 alone, over 1 billion pieces of personally identifiable information (PII) were compromised as a result of cyber-attacks.

During the creation of mobile apps, end user convenience is trumping end user security and privacy. Sixty-five percent of businesses state the security of their apps is often put at risk because of customer demand or need, and 77% cite "rush to release" pressures as a primary reason why mobile apps contain vulnerable code. Of the companies that do scan for vulnerabilities before deploying apps to the market, only 15% test their apps as frequently as needed to be effective.

Vulnerabilities from BYOD

BYOD has become increasingly popular, if not a necessity, for organizations. The challenge arises when employees connect to unsecured networks or download insecure apps from untrusted sources—which leave the device vulnerable to malware. As uncovered by Ponemon, even apps from trusted organizations and available in traditional app stores can carry enormous risks.

Though most employees are "heavy users of apps," 55% state their organization does not have a policy which defines the acceptable use of mobile apps in the workplace. Sixty-seven percent of companies allow employees to download non-vetted apps to their work devices, while 55% say employees are permitted to use and download business apps on their personal devices (BYOD).

Mobile Threat Management

To defend against cyber-criminals taking advantage of this immense opportunity, IBM has introduced a new mobile threat management (MTM) technology into its IBM MobileFirst Protect offering (formerly MaaS360). Using advanced cyber-threat and intelligence technology, the solution automatically detects suspicious activities on mobile endpoints, and stops malware the moment a device is breached. Delivered through the cloud and updated over-the-air, it enables organizations to be well-armed at all times against rapidly evolving and sophisticated threats and attacks. Additionally, it provides automatic and highly intuitive protection against would-be hackers, who are increasingly targeting corporate and personal mobile devices used for work.

The offering's new threat management technology integrates the flexible power of cloud, the comprehensive control of enterprise mobility management and sophisticated defense tools created against malware and mobile fraud.