A study by IBM and the Ponemon Institute challenges the security of mobile applications, and describes the current state as “very disturbing”. The study reveals that nearly 40% of large companies do not take the necessary precautions to secure the mobile applications they design for customers and do not sufficiently protect their BYOD mobile devices from cyber attacks, thus giving hackers access to user, company and customer data.
A Ponemon Institute study sponsored by IBM in March 2015 reveals the alarming state of mobile security for applications. Every year, an average of $ 34 million is spent by a company to develop new mobile apps.
In the race to create more and more applications, application development companies all too often rely on the end user experience and forget two crucial points: its security and the protection of his private life.
The results of the study show that nearly 40% of large companies do not take the necessary precautions to secure the mobile applications they design for their customers. Many of these companies are Fortune 500 companies and operate in sectors that work on highly sensitive data such as financial services, healthcare and the pharmaceutical industry, the public sector, entertainment and distribution.
Of the $ 34 million budget for application creation, only 5.5% is used to secure applications against cyber attacks before they are released. 33% of these companies never test their applications, and only 15% of them test their applications as often as necessary. And 50% of these companies do not devote any budget to mobile security.
Of the reasons cited, 77% cited the urgency of delivering the application as the main reason for insecurity:
“Building mobile application security is not a business priority, giving hackers an opportunity to understand how applications are being developed, unlock mobile devices and tap into confidential data,” says Caleb Barlow, Vice President of Mobile Management and Security at IBM.
However, the number of mobile cyber-attacks continues to grow, and this mobile insecurity thus offers many entry points to tap into the company’s data through insecure devices. Malicious code can infect more than 11.6 million mobile devices.
“Businesses need to think about security in the same way that highly effective cyber criminals who work collaboratively design attacks. Caleb Barlow, IBM.
Finally, the study reveals that companies do not protect their BYOD (Bring Your Own Device) mobile devices from cyber attacks. Hackers are now taking advantage of the best-known unsecured mobile apps, public WiFi networks and more to capture crucial data often hosted on BYOD mobile devices or corporate devices. They can also use mobile devices as a gateway to the business and its highly confidential internal network.
According to the IBM X-Force report, in 2017 alone, more than 1 billion personal identifiable data (PII) were compromised as a result of cyber attacks.