The Era of Mobile Insecurity

  • Mobile Flawed Externally & Internally
  • Speed Prioritized Over Precautions
  • Devices Themselves at Risk
  • Taking on the Security Responsibility

Mobile Flawed Externally & Internally

Facebook. Yelp. Google Maps. Trulia. Instagram. Drunken Contacts. Do you have a dozen or more mobile applications on your cell phone? A study just released by IBM and the Ponemon Institute notes the surprising lack of security precautions among mobile software, a general consumer data-safety concern and business risk that they label as “mobile insecurity.”

Beyond these apps, people also play games on their phones, which may cause security breaches if the games are not downloaded from a trusted source. People who love to play games can check out tips for playing online games on the phone without risking the security of the personal data saved on their mobiles. You may also risk data theft by visiting sites that are not protected.

Almost two out of every five enterprises, some of which are Fortune 500 corporations, are failing to provide appropriate protections for the phone software they design for their clients. The researchers reviewed over 400 enterprises and determined that it was standard for big business to release mobile apps with “major security flaws,” according to PCMag.

Not protecting the security of customers is one thing. Not safeguarding company-owned phones and tablets, or those within the network under a “bring your own device” policy, is another. While mobile insecurity of customer software is problematic in terms of liability, public image, and consumer rights, mobile insecurity of the company’s internal technology is a concern related to direct intrusion by cybercriminals – as indicated by CIO Today.

Employees also use their cell phones to keep track of their work. However, they may be unaware that some applications could be recording user data. As a result, many businesses require their employees to download security applications such as Pradeo Security for testing mobile apps for vulnerabilities. Companies that do not require employees to download a security application often advise them to learn about the various mobile security issues and how to mitigate them. For instance, while some companies may instruct employees to watch videos to gain more knowledge of the subject matter, others may suggest employees read blogs titled “Security and Your Phone”.

Nevertheless, protecting the data within an application is not a core concern of many businesses; people who want to get inside programs can quickly reverse-engineer them, jailbreak phones, and grab whatever information they want, explains IBM security VP Caleb Barlow.

“Industries need to think about security at the same level on which highly efficient, collaborative cybercriminals are planning attacks,” he argues.

Speed Prioritized Over Precautions

It’s all too easy to believe the findings of the study. After all, we have seen:

  • Russia (suspected) hack the US State Department, resulting in the email system being shut down for a weekend in November.
  • North Korea (suspected) hack Sony Pictures, using a slash-and-burn, scorched-earth approach that brought the movie studio to its technological knees.
  • China (suspected) hack Anthem’s completely unencrypted data trove, gathering the names, Social Security numbers, and home addresses of 78.8 million employees, customers, former customers, and non-customers.
  • A criminal syndicate made up of Russians, Chinese, and Europeans (especially Ukrainians) hack into more than 100 different financial institutions, study the activities of the clerks, and seamlessly transfer money into their own hands – literally in some cases, dispensing huge amounts of cash from ATMs.

Beyond those high-profile cases, data breaches are becoming increasingly common and complex – and that’s particularly true with mobile, according to an Arzan Technologies study that estimates there is currently malware on almost 12 million tablets, smartphones, and e-readers.

The Ponemon research paper revealed that the typical enterprise forgoes security testing with more than one in every two mobile programs it engineers. One in three (33%) don’t test any of this type of software. Neglecting to properly check the apps before releasing them to the public (or for internal use) makes it easier for attackers to abscond with information. At this point, safeguarding mobile simply isn’t a priority.

“These numbers are not surprising given that 50 percent of the 400 organizations in the survey aren’t devoting any dollars to mobile security,” CIO Today reports.

As a part of the total budget, mobile is sizable. Along with big data, cloud computing, and social media, it is seen as one of the four pillars of the “third platform” that is gradually taking precedence over the PC (the second platform following the mainframe). Hence, the companies analyzed by IBM invested $34 million into mobile each year on average; but only 5.5% of those funds were dedicated to data protection.

Development is being rushed by the desire to deliver a user-friendly experience to customers. That pressure is coming from the outside and the inside. When asked why apps weren’t tested for security, the top reasons were:

  • Excessively aggressive internal timetables – 77%
  • Demand from clients – 65%

Devices Themselves at Risk

The way in which employees typically use their smartphones is also problematic. What that means is that even if a company is employing mobile security itself, it is at risk of infection from apps made by third parties. Although more than half of business staff interact with outside software extensively, 67% of enterprises don’t have any policy to limit what apps can be used.

Recon Analytics data specialist Roger Entner said that security and privacy are not top concerns in mobile design since protection is geared toward stability and credibility rather than immediate money-making.

“It’s important to have more secure applications with privacy in mind,” argues Entner, “especially as both criminals and governments like to find out everything they can about us.”

Typically, he said, security flaws do not become apparent until user information has already been hacked. It’s up to businesses to make sure their customer information is safe, and many of them are falling short of that responsibility. One way to do that could be to provide employees with something equivalent to a pgp telefoon, which was a device created to send encrypted messages, and used by businesses that deal with sensitive data. A device of that sort would likely ensure that all communication happening on it cannot be accessed by any outsider. Similarly, there are other measures that can be taken as well.

Taking on the Security Responsibility

In an age of persistent threats to a company’s security and privacy, as well as those of its customers, a business must concern itself not just with creating internal safeguards but also with choosing the right partners.

If you want to develop in the cloud, choose:

  • An organization registered to meet the ISO 9001:2008 and ISO 27001 standards.
  • Data centers audited for compliance with SSAE 16, Type II.
  • A staff certified to follow the principles described within the ITIL.

All those security parameters are met by Superb Internet.

By Kent Roberts