View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Data on a plate: Mobile apps left wide open to cyber-attacks

IBM Security and the Ponemon Institute reveal shocking state of mobile app security.

By Ellie Burns

An alarming state of mobile insecurity has been exposed by IBM Security and the Ponemon Institute.

Organisations are failing to protect corporate and mobile devices, despite malicious code infecting more than 11.6 million mobile devices at any given time. This means that organisations are leaving a host of data – user, corporate and customer – wide open to hackers.

In figures which should be of very real concern to business leaders, 40% of large companies are leaving their businesses open to attack, while a shocking 50% devote zero budget whatsoever towards mobile security.

However, the budget is most certainly there for mobile app development, with an average $34 million spent by companies annually. Of this budget, many would assume a large chunk would be dedicated to security – the study reveals otherwise.

Only 5.5% of the average £34 million budget is currently being spent to secure mobile apps against cyber attacks – a shocking statistic in a world where mobile workforces and hackers are both on the rise.

The study highlights how the creation of apps is driven by end user convenience, resulting in 65% of organisations putting app security at risk due to customer demand or need. 77% of those surveyed stated "rush to release" pressures as a primary reason why mobile apps contain vulnerable code.

When it came to app testing, the study revealed further worrying results. The average company, the study revealed, tests less than half of the mobile apps they build, with a further 33% never testing their apps. This creates a plethora of entry points to tap into business data via unsecured devices.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

"Building security into mobile apps is not top of mind for companies, giving hackers the opportunity to easily reverse engineer apps, jailbreak mobile devices and tap into confidential data," said Caleb Barlow, Vice President of Mobile Management and Security at IBM.

"Industries need to think about security at the same level on which highly efficient, collaborative cyber criminals are planning attacks. To help companies adopt smart mobile strategies, we’ve tapped the deep security expertise of IBM Security Trusteer, bringing what we’ve learned from protecting the most sensitive data of complex organizations – such as top global banks – and applying it to mobile."

Looking at apps in their practical workplace setting yielded further unfavourable results. 55% of employees said that their company had no policy on the acceptable use of mobile apps in the workplace, with a large majority – 67% – of companies allowing employees to download non-vetted apps to their work devices.

Further risks when it comes to BYOD were further revealed with 55% of organisations saying that employees are permitted to use and download business apps on their personal devices. These devices serve as another unprotected entry-point to valuable company data.

In conclusion, the report should be a wake-up call to organisations – apps are remaining unsecure and unprotected, giving an open invite to any hacker looking for valuable data.

The study, which researched security practices in over 400 large organisations, was conducted by the Ponemon Institute with IBM Security study.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.