
February 15, 2017

Mobile and IoT security being overlooked despite concerns

New research on mobile app security, mobile devices and IoT security from the Ponemon Institute states that organisations are adapting their mobile applications and IoT apps and devices from existing web apps without taking any steps to counter threats to IoT or mobile devices, or doing any mobile app security testing.

The survey, named “2017 Study on Mobile and Internet of Things Application Security”, was sponsored by IBM and Arxan Technologies. The survey indicates that though organisations are anxious about IoT device and mobile app security in the workplace, there is little being done to combat these threats. About 58 percent of research respondents were concerned about getting hacked through IoT apps, with 53 percent fearing being hacked through a mobile app. 44 percent of respondents believe that no steps are being taken, while 11 percent are not sure if any steps, such as mobile app security testing, are being taken at all.

Respondents also consider malware a greater threat to mobile apps than to IoT apps, with 84 percent concerned for mobile apps and 66 percent for IoT. As it stands, it is harder to test the security of IoT apps than to do mobile app security testing. The increased security risk was attributed to bringing IoT and mobile devices to the workplace. 79 percent of respondents said the use of mobile devices increased security risks, while 75 percent believed the same about IoT apps. One potential reason for this was that organisations have minimal confidence about the number of mobile and IoT devices that are brought to the workplace.

The failure to address mobile and IoT risks so far is due to the preference for end-user convenience over security. The survey found that IoT and mobile app security testing is usually a low priority due to the pressure to make apps convenient to use. When developing or deploying mobile apps, 62 percent of respondents consider end-user convenience over security.

Some of the factors behind this acknowledgement of security risks and failure to do anything about them are limited security budgets and the fact that individuals other than those in the CISO role are responsible for security leaks. In spite of these, there are now several easy-to-use and cost-effective mobile app security testing solutions on the market.

Sam Rehman, CTO of Arxan, believes that people generally misunderstand the term “hacking” and attribute it to losing data. What they do not acknowledge is that they themselves open the doors to hacking via weak security.

Codified Security is here to help make your mobile app secure whether it’s for iOS, Android, or to make sure you’re clearing the OWASP Mobile Top 10. For mobile app security testing try out Codified Security.