Everyone’s got them, everyone “needs” them, but how secure are mobile apps in your environment and more importantly, how much is your company at risk because of them? In a recent research report, Ponemon Institute surveyed 640 individuals involved in the application development and security process in their organizations on the following topics:
- Why mobile application security eludes many organizations.
- The difficulty in controlling employees’ risky behaviors.
- Are organizations taking the right steps to secure mobile apps?
77 percent of respondents rate the level of difficulty in securing apps as very high. Only 7 percent of respondents believe it is easy or a “piece of cake.”
The following are six findings that reveal why the state of mobile applications is insecure:
- The “rush to release” results in mobile apps that can have vulnerabilities. Sixty-five percent of respondents say the security of mobile apps is sometimes put at risk because of customer demand or need. Thirty-eight percent of respondents say their organizations do not scan for vulnerabilities.
- Mobile apps are often tested infrequently and too late. Most respondents (55 percent) say they do not test apps or they are unsure. Mobile apps are rarely tested in production. Most often they are tested in development or post-development.
- Malware-infected mobile apps and devices will increase. Sixty-one percent of respondents say their organizations will need to address the growing risk of malware-infected mobile apps. However, only 29 percent of respondents say their organization has ample resources to prevent the use of vulnerable or malware-infected mobile apps.
- Not enough is spent on mobile app security. While an average of $34 million is spent annually on mobile app development, only 5.5 percent, or $2 million, is allocated to mobile app security.
- There is a scarce supply of trained and expert security professionals. Only 41 percent of respondents say their organization has sufficient mobile application security expertise.
- Organizations lack policies that provide guidance on employees’ use of mobile apps. The findings reveal most employees are “heavy users of apps,” but 55 percent of respondents say their organization does not have a policy that defines the acceptable use of mobile apps in the workplace.
The problem is clear. Is the solution?
The following chart shows how the survey participants responded to the question, “What security techniques are used to vet mobile apps in an organization’s app store for security?”
For a variety of reasons, companies find it difficult to improve the security of their mobile applications. The following are some recommendations to address your organization’s state of mobile application insecurity.
- Testing of mobile apps should be conducted frequently. The findings reveal many organizations are not testing apps. They are rarely tested in production.
- Ensure the “rush to release” does not impact coding practices.
- Conduct internal training and education programs for development teams to follow application security policies and best practices.
- Increase the budget for mobile application security. The average budget is insufficient to have the technologies and expertise necessary to secure mobile apps.
- Create policies and procedures to control employees’ risky behaviors. Most employees in the companies represented in this study are “heavy users of apps” but very often there are no policies that define the acceptable use of mobile apps in the workplace.
Schedule a consultation today to learn how Flagship can help you design an effective mobile security strategy.