Mobile and IoT apps can be threats to security, mainly because user convenience is a greater priority and there is a lack of urgency to address the problem. We explored mobile and IoT security risks in a recent CIO Insight survey of IT and security professionals.
Malware Is a Bigger Threat to Mobile Apps
Eighty-four percent of the IT and security practitioners surveyed are very concerned about the threat malware poses to mobile apps, while 66% worry about threats to IoT apps.
Fifty-eight percent are concerned about getting hacked through IoT apps, and 53% worry about mobile apps being hacked. Yet, 44% aren’t taking any preventive measures, and 11% are not sure whether their organization is taking any steps to prevent attacks.
Mobile and IoT Apps Threaten Security
Seventy-nine percent of the respondents said mobile apps increase security risks significantly or very significantly, and 75% said the same about IoT apps.
However, 63% of respondents are not confident that their organization is aware of all the mobile apps their employees use. They estimate the average to be 472 apps.
Further, 75% of respondents are not confident that they know about all the IoT apps in the workplace. They estimate the average number to be 241.
User Convenience Is More Important Than Security
Because of pressure to ensure ease of use of mobile and IoT apps, their security is not a priority. Sixty-two percent of respondents rated user convenience important when deploying mobile apps, and 68% did the same for IoT apps.
Only 32% of respondents said their organization urgently wants to secure mobile apps, and 42% said the same of IoT apps. Why? Insufficient budgets, and those most responsible for stopping attacks are in development lines of business or engineering, rather than security.
Seventy percent of the IT and security practitioners surveyed are very concerned about the use of insecure mobile apps, and 64% feel the same about IoT apps.
Too Few Apps Are Tested
On average, only 29% of mobile apps and 20% of IoT apps are tested. 30% of tested mobile apps and 38% of tested IoT apps contain significant vulnerabilities.
Unfortunately, 58% of respondents said their organization waits until production to test their IoT apps, and 39% said mobile apps are tested in production.
Why Are Mobile and IoT Security Risks Hard to Mitigate?
Seventy percent of respondents said broken cryptography and 65% said unintended data leakage are the most serious mobile app security risks. The least serious risk is the lack of binary protection.
All told, 69% of respondents said pressure on the development team is why mobile apps contain vulnerable code. Seventy-five percent said the same reasoning applies to IoT apps.