A new report is raising alarm bells about the way major companies develop mobile apps, warning user, corporate and customer data could be at risk.
The report, released by IBM Security and the Ponemon Institute, found an alarming state of mobile insecurity with regards to application development. It found that nearly 40 per cent of large companies aren’t taking the right steps to secure the mobile apps they build, and are poorly protecting their corporate and BYOD mobile devices against cyber-attacks. It’s a combination that has the potential to expose user, corporate and customer data to hackers.
Examining security practices in over 400 large organizations, the report found that most companies test less than half of the mobile apps they develop and 33 per cent never test their apps at all. That’s underlined by the finding that 50 per cent of these organizations allocate absolutely no budget to mobile security.
“Building security into mobile apps is not top of mind for companies, giving hackers the opportunity to easily reverse engineer apps, jailbreak mobile devices and tap into confidential data,” said Caleb Barlow, vice-president of mobile management and security at IBM, in a statement. “Industries need to think about security at the same level on which highly efficient, collaborative cyber criminals are planning attacks. To help companies adopt smart mobile strategies, we’ve tapped the deep security expertise of IBM Security Trusteer, bringing what we’ve learned from protecting the most sensitive data of complex organizations – such as top global banks – and applying it to mobile.”
Of the survey respondents, each spend an average of US$34 million annually on mobile app development, but only 5.5 per cent of that budget is allocated to ensuring apps are secure from cyberattack before they are deployed. Instead, the report found that speed-to-market and user experience are prioritized over security in the app development process.
Customer pressure may be driving some of these decisions, with 65 per cent of respondents saying customer demand or need is why app security is often put at risk, and 77 per cent citing the pressure to get an app to market quickly as why apps with vulnerable code make it to market.