What Experts are saying about Mobile Application Security

What-Experts-are-saying-about-Mobile-Application-Security-Blog-IMG.jpg

Since smartphones and tablets have become such an integral part of everyday life, hackers and other malicious users have truly evolved their methods and devised more invasive, damaging ways to manipulate an application’s code and exploit sensitive customer data for their own ends.

Accordingly, developers the world over continue to embrace the now-undeniable necessity for a sophisticated plan to counteract this looming threat. It’s become commonplace to hear about one devastating cyber-attack after another that affects millions of consumers.

So, of course, mobile application security has rightfully become one of the hottest topics among those in the industry. With its prominent role in the current conversation, it’s all too easy to forget that such safeguards are still relatively in their infancy.

This is not to say that we haven’t made tremendous strides in understanding the invaluable possibilities inherent in mobile application security. A number of tools have emerged that can help developers monitor for potential data breaches and ensure that they take swift action if such an event does occur. In addition, both consumers and developers alike continue to achieve a greater awareness of the dangers that might be facing if they fail to take any precautions.

Considering the brief lifespan of mobile technology to date, it’s impressive how much we’ve discovered about mobile application security. Still, there is much we have to learn. To that end, let’s turn to some experts in the industry for their thoughts on this phenomenon and how consumers and developers should proceed going forward.

Dave Jevans, CEO and CTO of Marble Security:

“Enterprises face a far greater threat from the millions of generally available apps on their employees’ devices than from mobile malware. Enterprise users casually give these riskware apps sweeping permissions, not realizing that their personal and corporate data may be sent to remote servers and advertising networks all over the world, where it can be mined by cybercriminals and hostile governments seeking access to corporate networks.”

Jevans’ specific call-out of the vulnerability that businesses face through their mobile applications is one that is becoming more and more apparent with each passing day. High-profile companies from such data-sensitive industries as healthcare and finance have experienced jaw-dropping exposure due to cyber-attacks. Jevans even noted that throughout 2017, roughly 75 percent of all mobile security breaches will have occurred via apps, rather than more technical attacks on operating systems.

Perhaps the most noteworthy element of Jevans’ statement is how cavalier corporations have tended to be with their mobile elements, providing approvals on apps without proper vetting or establishing effective security protections before going live.

Yet, by neglecting to acknowledge that these aspects of their businesses serve as gateways to their respective networks, these companies are in fact carelessly creating an undeniably attractive flaw within their system. This is an opportunity that hackers and other malicious users are unlikely to turn a blind eye to. It will therefore only be a matter of time before these businesses face intense cyber-security issues, placing their “enterprise users” — as Jevans points out — in grave danger.

The silver lining? It does appear that businesses in engage in mobile technology both internally and as a means to connect with customers are beginning to get the message. However, it has come at the cost of so many other companies suffering cyberattacks in the meantime. Hopefully, as time goes by, this will have become less and less of a concern.

John McAfee, Cybersecurity Expert:

“I have been warning the world for years that we are teetering on the edge of an abyss, that our cybersecurity paradigms no longer function and that chaos will descend if something is not done. The fundamental operating system (Android), used by 90% of the world — and that should be the first bulwark against malicious intrusion — is flawed. Should I not bring this to the world’s attention through a dramatic demonstration? Do I not owe it to the world?”

If McAfee’s name sounds familiar, that’s because he is the man behind the companies that produces the titular antivirus software you probably had installed on your computer at one point (or still do). So, needless to say, his viewpoint is easily valid when it comes to cybersecurity issues. In the above quote, he sounds off about his years of warning the industry that cybersecurity concerns are only going to continue to grow if drastic action is not taken.

With the internet and its adjacent functions in everyday society developing at such a rapid pace, is it really a surprise to anyone that the “cybersecurity paradigms” initially put in place to govern the connective tissue of the World Wide Web have become outdated? Not to McAfee, who has spent so much of his life within the industry.

coding-compromised-blog-img.jpg

As the vulnerabilities within a developer’s code have grown, so too has the sheer volume of threats poised to take advantage of it. While many have seemingly not heeded McAfee’s foreboding words about what lie ahead, he is on point with his specific mention that Android features a very flawed design when it comes to addressing lingering security concerns (though iOS isn’t much better, all things considered).

At least now a number of tools have come to the forefront that developers can use to tackle cybersecurity issues head-on, rather than simply reacting with damage control as they once may have done.

Sam Phillips, VP of Enterprise Security Services and CISO, Samsung:

“When assessing mobile security for businesses, organizations need to carefully consider the risks and regulatory requirements associated with their particular environment. In order to assess the risks involved, they must understand what data they could be exposing in addition to the applications and services to be made available. In higher risk environments, organizations should have greater control over the security posture of mobile devices.”

Much like Devan, Phillips here appears to be focused on the mobile security matters that businesses leave themselves open to. Considering his role at Samsung, it stands to reason that his eye would wander towards that particular arena. Moreover, seeing as Samsung KNOX reportedly received the best ratings of any mobile platform in a Gartner report, his perspective on this issue is certainly worth a look.

His quote above underscores a continuing trend among experts that businesses simply do not understand the risks they’re putting themselves and their customers in by engaging in the (until recently) uncharted terrain that is occupied by mobile applications. Without proper regulations in place to keep your app in safe, working order (yes, including a thorough security framework), the chances that cyber-attackers will strike increase exponentially.

Naturally, this needs to be addressed on a case-by-case basis. Not all businesses are created equal, and the industry in which they operate will be inevitably accompanied by its own set of mobile security challenges.

For instance, those companies who deal specifically in sensitive data — and require this information to be saved within their mobile apps — will be at far greater risk of a security breach that might wreak havoc on the long-term prospect of their business or do irreparable harm to that most critical of assets: your reputation. Phillips clearly advocates from preemptive action, and based on what we’ve seen in the world of mobile application security thus far, we can’t say he’s incorrect.

Ray Bryant, CEO, idappcom:

“Spending hundreds of thousands of pounds, euros or dollars on a security system, plugging it in and switching it on — then presuming your company is secure — is a totally inadequate approach, because it usually results in relatively poor levels of protection for your organization as the threats from criminals are constantly changing. Configuration, constant evaluation and constant updating of security rules are essential to the IT security of a business. Of course, the degree to which protection is needed is a matter of balancing risk and cost, and this equation is a unique business decision as with any other senior management process…”

Since his company hinges on software designed to identify and act against cybersecurity threats, Bryant knows a thing or two about what it takes to keep your business’s apps protected from the danger of hackers. He particularly calls out the cookie-cutter approach to security that many of our experts — including Phillips — appear to argue against.

Not only is every company unique in the security coverage it requires to be “safe” from attack, but the ever-changing nature of hackers’ tactics necessitates a level of vigilance that many companies simply aren’t prepared for. At this stage, it’s become incredibly easy to hack into a mobile app, making it more difficult than ever for a company to cover all their vulnerabilities in one fell swoop. That’s why security monitoring is fast becoming the name of the game in mobile application security.

mobile-eventual-hack-blog-img.jpg

If an attempted cyber-attack does come to pass (as it almost always will), the developer in question has measures in place to keep hackers at bay while they react proactively and fortify their app, warning users to take action if necessary and perhaps making necessary code adjustments at that time as well.

As mobile apps flood onto the marketplace, Bryant stresses that companies take a deeper dive into their security systems than they historically have. Making only a cursory attempt to create a safe environment will only leave your app and its users doomed to suffer at the hands of the most recent cyberattack scheme.

Ondrej Krehel, CEO & Founder, LIFARS:

“Mobile security is often misrepresented by the high confidence levels of users themselves. While enterprises are adopting new mobile cybersecurity strategies, it’s the users who are the closest to the BYOD (bring your own device) technologies and often are responsible for their choices of action on their devices. Smartphones and other portable devices are among the easiest attack vectors for hackers. Just because we do not see many high-level cases in the press yet, it does not mean that it is not happening. We need to emphasize that these devices hold the key to our lives – both corporate and individual. Because they are always close to us, in our pockets, users experience a false perception of security.”

Noticing a pattern here? Krehel — whose LIFARS specializes in digital forensics and cybersecurity intelligence — pegs the growing need for mobile application security on users as much as on the various types of hackers who inhabit the space. Indeed, the fact that our current society so heavily centers on mobile technology in virtually every aspect of life tends to instill a “false perception of security.”

The solution then is to empower users to take their cybersecurity into their own hands. Rather than laying all the responsibility at the feet of developers and/or companies themselves, these organizations should be taking progressive steps to inform their users of how the part they play in keeping hackers at bay.

After all, the danger that hackers pose ultimately targets user data as much as — if not more than — the app’s coding itself. So it behooves users who cling so tenderly to their mobile devices to share the burden of cybersecurity with the companies that provide the apps they use. Of course, this requires developers to make the first move and collectively educate their users of what they can do to help.

With a united front, we can only imagine how much more effective the evolving mobile application security measures will be. Krehel appears to have the right idea about how we can take this fight against hackers to the next level. Here’s hoping we reach it sooner rather than later.

Way of the Future

future-of-mobile-blog-img.jpg

As with all learning curves, the best way to gain a better understanding of the topic at hand is to absorb as much knowledge as possible from those more enlightened than yourself. Mobile application security is still very much one of those topics that you and your team need to place such an emphasis on. In the future, the ongoing proliferation of smartphones and other mobile devices will only perpetuate the need to protect your apps and their users.

Even with so many nefarious forces out there seemingly plotting to decimate all the hard work you put into developing your app, mobile application security remains a beacon of hope that your business can withstand a cyber-attack.

News is already pouring in about all the myriad ways in which mobile application security is having a positive impact on the industry and consumer culture at large. From the creation of a safer online space to a more vigorous pursuit of cybercrime, the effects of increased awareness and stronger means to combat cyber-attacks translates into a more enlightened industry for developers like you.

With any luck, the expert insights we’ve discussed above will only further inspire you to take action within your own business and become a more integral part of the effort to keep your users and, by extension, the online community safe from those who wish to cause it harm.

After all, it is only by communicating about these issues that we can ever hope to improve our means of solving them.

Share

Leave a Reply

%d bloggers like this: