New research sponsored by IBM found that many companies developing mobile apps are not putting the time or money into testing the apps for security vulnerabilities before releasing them to the public.
Mobile apps may not be as secure as you think.
According to new research from IBM and the Ponemon Institute, an independent research center focused on privacy, data protection, and information security policy, many organizations are not doing enough to protect against potential cybersecurity breaches of the apps they develop.
For example, of the more than 400 companies surveyed for the study, “The State of Mobile Application Insecurity,” nearly 40 percent are not scanning mobile application code for potential security vulnerabilities before the apps become available to consumers.
Meanwhile, about 30 percent of these companies, of which almost 40 percent are in the Fortune 500, never test their apps at all, and 50 percent are not dedicating any of their budgets to securing apps.
“Although we’ve done a fantastic job securing the computers and servers that have traditionally housed our sensitive information, we are neglecting to devote the same attention to our mobile apps—and cybercriminals are waking up to this opportunity,” Larry Ponemon, chairman and founder of the Ponemon Institute, wrote in a post for IBM’s Security Intelligence blog.
Part of the reason behind lax security measures, the study suggested, is the speed at which organizations feel they need to develop mobile apps.
“The pressure on mobile app development teams to rapidly build and deploy code is tremendous,” Ponemon wrote. “For example, 65 percent of companies admit the security of their apps is often put at risk because of customer demand or need, and an overwhelming 77 percent cite rush-to-release pressures as a primary reason why mobile apps contain vulnerable code.”
The study’s findings have implications for businesses, too. With more and more employees using mobile devices and applications at work, the security risks to an organization’s data are also escalating. For example, 67 percent of businesses allow employees to download unverified, personal apps onto work devices, which can leave the organization’s data vulnerable to attack.
Previous research found that a majority of IT professionals believe sensitive company information may be compromised when employees are accessing it from personal devices.