Why Mobile and IoT Apps Are at Risk
Mobile and IoT apps can be threats to security, mainly because user convenience is a greater priority and there is a lack of urgency to address the problem.
84% of the IT and security practitioners surveyed are very concerned about the threat malware poses to mobile apps, while 66% worry about threats to IoT apps.
58% are concerned about getting hacked through IoT apps, and 53% worry about mobile apps being hacked. Yet, 44% aren’t taking any preventive measures, and 11% are not sure whether their organization is taking any steps to prevent attacks.
79% of the respondents said mobile apps increase security risks significantly or very significantly, and 75% said the same about IoT apps.
63% are not confident that their organization is aware of all the mobile apps their employees use. They estimate the average to be 472 apps.
75% of respondents are not confident that they know about all the IoT apps in the workplace. They estimate the average number to be 241.
Because of pressure to ensure ease of use of mobile and IoT apps, their security is not a priority. 62% of respondents rated user convenience important when deploying mobile apps, and 68% did the same for IoT apps.
Only 32% of respondents said their organization urgently wants to secure mobile apps, and 42% said the same of IoT apps. Why? Insufficient budgets, and those most responsible for stopping attacks are in development, lines of business or engineering rather than security.
70% of the IT and security practitioners surveyed are very concerned about the use of insecure mobile apps, and 64% feel the same about IoT apps.
On average, only 29% of mobile apps and 20% of IoT apps are tested. 30% of tested mobile apps and 38% of tested IoT apps contain significant vulnerabilities.
58% of respondents said their organization waits until production to test their IoT apps, and 39% said mobile apps are tested in production.
70% of respondents said broken cryptography and 65% said unintended data leakage are the most serious mobile app security risks. The least serious risk is the lack of binary protection.
69% of respondents said pressure on the development team is why mobile apps contain vulnerable code. 75% said the same reason applies to IoT apps.