Study Highlights Alarming Lack of Investment in Mobile App Security
— April 17, 2015
Security Risks in Mobile App Development Remain Unchecked
A recent study conducted by the Ponemon Institute and commissioned by IBM sheds light on alarming practices in mobile app development. Examining over 400 large organizations, including Fortune 500 companies in critical sectors such as banking, retail, healthcare, and public services, the research highlights significant gaps in mobile app security. The findings reveal that 40% of companies fail to scan their mobile apps for cybersecurity vulnerabilities before release, exposing sensitive data to potential breaches. Shockingly, one-third of companies never test their apps at all, leaving users—and businesses—vulnerable.
This negligence extends to app makers’ investment in security. The study found that 50% of companies allocate no budget to secure the development of mobile apps. This oversight is troubling, given that these apps often handle sensitive user information, including billing details, personal data, and business-critical information.
Employee Devices as a Gateway for Data Breaches
Businesses are not just risking their customers’ data but also their own. Despite the risks posed by employees using insecure apps on work devices, organizations have failed to implement adequate safeguards. According to the study, 67% of large organizations permit employees to download unverified personal apps onto devices used for work. These devices, often used to access highly confidential customer and business data, become easy targets for hackers.
The lack of control over app usage opens pathways for cybercriminals to exploit vulnerabilities. Hackers can use rooted or jailbroken devices to steal sensitive documents, access personal data, or even hijack device features such as microphones and cameras. This creates opportunities for corporate espionage and unauthorized access to critical business discussions.
Rising Threat of Mobile Malware
The risk is not hypothetical. At any given time during the past year, more than 11.6 million mobile devices were infected with malware. These infections carry steep financial and reputational consequences for businesses. Data breaches stemming from employee devices can lead to the loss of confidential information, diminished customer trust, and compromised brand reputation. The Ponemon Institute estimates that such breaches cost businesses an average of $11 million, excluding the long-term impact of lost customers and diminished public confidence.
Companies that fail to address mobile security are effectively inviting hackers to exploit their vulnerabilities. With mobile devices housing vast amounts of sensitive data, the risks are comparable to “shooting fish in a barrel.” The potential for financial losses and reputational damage should serve as a wake-up call for businesses to prioritize mobile app security.
Existing Solutions and Why Companies Ignore Them
Vendors like IBM, Citrix, Arxan, and Appthority offer solutions that can detect and neutralize mobile threats. These tools are designed to identify malware and prevent attacks on mobile devices. Yet, despite the availability of such technologies, many companies remain reluctant to invest in securing their apps.
One reason for this reluctance could be the relatively low incidence of high-profile breaches involving mobile apps compared to traditional IT systems. Many companies prioritize the security of computers, servers, and other traditional IT infrastructure, as shown in previous studies by the Ponemon Institute. For example, organizations investing in services like Vietnam-based software outsourcing for IT support focus heavily on safeguarding traditional systems. However, mobile apps, despite their increasing use in business operations, are often overlooked.
Financial and Reputational Costs of Neglect
Data breaches carry significant costs, with the Ponemon Institute’s 2014 survey estimating an average loss of over $5 million per breach. These expenses cover direct financial losses, legal fees, and the erosion of customer trust. Businesses risk losing their competitive edge when customers associate them with compromised security.
Neglecting mobile app security compounds these risks. Hackers are already exploiting weaknesses in app security to infiltrate corporate systems. As mobile devices become central to business operations, attacks through this channel are likely to rise, forcing companies to take reactive measures at higher costs.
Conclusion: The Case for Proactive Security Investment
The findings of the Ponemon Institute study highlight a critical need for organizations to reevaluate their approach to mobile app security. With half of app makers spending nothing on securing their applications, the risks to customers and businesses are too significant to ignore. Companies should prioritize proactive investment in mobile security to safeguard sensitive data, protect their reputation, and prevent costly breaches.
Businesses operating in software development or outsourcing, such as Vietnam’s S3Corp, could play a pivotal role in offering secure, scalable mobile app solutions. Addressing these security challenges is not just a matter of protecting data; it is essential for maintaining customer trust and ensuring long-term business success.