Why Mobile and IoT Apps Are at Risk
-
Why Mobile and IoT Apps Are at Risk
Mobile and IoT apps can be threats to security, mainly because user convenience is a greater priority and there is a lack of urgency to address the problem. -
Malware More of a Threat to Mobile Apps
84% of the IT and security practitioners surveyed are very concerned about the threat malware poses to mobile apps, while 66% worry about threats to IoT apps. -
Worries About Attacks on Mobile and IoT Apps
58% are concerned about getting hacked through IoT apps, and 53% worry about mobile apps being hacked. Yet, 44% aren't taking any preventive measures, and 11% are not sure whether their organization is taking any steps to prevent attacks. -
Mobile and IoT Apps Threaten Security
79% of the respondents said mobile apps increase security risks significantly or very significantly, and 75% said the same about IoT apps. -
Lacking Knowledge of Mobile App Use
63% are not confident that their organization is aware of all the mobile apps their employees use. They estimate the average to be 472 apps. -
Lacking Knowledge of IoT App Use
75% of respondents are not confident that they know about all the IoT apps in the workplace. They estimate the average number to be 241. -
User Convenience Is More Important Than Security
Because of pressure to ensure ease of use of mobile and IoT apps, their security is not a priority. 62% of respondents rated user convenience important when deploying mobile apps, and 68% did the same for IoT apps. -
Lack of Urgency Despite Risks
Only 32% of respondents said their organization urgently wants to secure mobile apps, and 42% said the same of IoT apps. Why? Insufficient budgets, and those most responsible for stopping attacks are in development, lines of business or engineering rather than security. -
Concern About Insecure Mobile and IoT Apps
70% of the IT and security practitioners surveyed are very concerned about the use of insecure mobile apps, and 64% feel the same about IoT apps. -
Two Few Apps Are Tested
On average, only 29% of mobile apps and 20% of IoT apps are tested. 30% of tested mobile apps and 38% of tested IoT apps contain significant vulnerabilities. -
Testing Occurs Late
58% of respondents said their organization waits until production to test their IoT apps, and 39% said mobile apps are tested in production. -
Most Difficult Mobile Risks to Mitigate
70% of respondents said broken cryptography and 65% said unintended data leakage are the most serious mobile app security risks. The least serious risk is the lack of binary protection. -
Rush to Release Results In Vulnerable Code
69% of respondents said pressure on the development team is why mobile apps contain vulnerable code. 75% said the same reason applies to IoT apps.
A new study reports that companies are "unprepared for risks created by vulnerabilities in internet of things applications." The report, "2017 Study on Mobile and IoT Application Security," was conducted by the Ponemon Institute and sponsored by Arxan Technologies and IBM. It surveyed 593 IT and security practitioners involved in safeguarding mobile and IoT application security. Organizations participating in this study are users of mobile apps (44 percent) and IoT devices (48 percent); developers and manufacturers of mobile apps (27 percent) and IoT devices (21 percent); or both users and developers of mobile apps (29 percent) and IoT devices (31 percent). "Respondents acknowledge the risk of security vulnerabilities in both mobile and IoT apps," said the report, "however, 84 percent of respondents are likely to say that IoT apps are harder to secure than mobile apps (69 percent)." In addition, more than half of respondents said there is a lack of quality assurance and testing procedures for IoT apps. Highlights of the report follow.