Mobile and IoT cause security concerns for businesses
Despite more than half of companies saying they've been breached, they aren't protecting their apps sufficiently
Companies are worried about insecure mobile apps causing a data breach, yet many are doing nothing to protect themselves, a new study has shown.
Research by the Ponemon Institute, IBM Security and Arxan Technologies revealed the code running many apps on mobile and IoT devices has not been protected to prevent hackers breaking in and stealing data.
Indeed, although 60% of businesses said their organisation has already experienced a data breach caused by an insecure mobile app, with almost all of those affected saying they're worried it'll happen again, 44% are taking no steps to protect their apps against attacks.
"The laissez-faire attitude toward the security of mobile and IoT applications needs to come to an end and organisations must start emphasising security in the development process in order to prevent a detrimental attack," Mandeep Khera, chief marketing officer of Arxan, said.
However, many of those surveyed revealed their businesses don't have the budget to address the growing threat. The biggest factor for the company deciding to allocate a bigger budget is if they experienced a serious hacking incident, or new regulations were introduced.
"One breach can set a company back dramatically in brand damage, financial loss and recovery costs. You have to think of the old idiom - penny wise, pound foolish," Khera said.
Commenting on the findings, Larry Ponemon, chair and founder of Ponemon Institute, said: "Factors revealed in this study may help to explain the lack of urgency."
"Respondents voiced minimal budget allocation, and those responsible for stopping attacks are not in the security function, but rather other lines of business. Without proper budget or oversight, these threats aren't being taken seriously and it should come as no surprise for mobile and IoT applications to be the culprit of major data breaches to come," he added
Other findings of the research revealed that businesses find IoT much harder to secure compared to mobile apps. Two thirds reported their business lacked the quality assurance and testing procedures for IoT apps, meaning they often launch before they're ready.
"Mobile and IoT applications continue to be released at a rapid pace to meet user demand. If security isn't designed into these apps there could be significant negative impacts," said Diana Kelley, global executive security advisor at IBM Security.
"Organisations are at risk and cybercriminals know where the soft spots are. Raising awareness of application security in the enterprise is a critically important first step toward a more secure future for businesses and consumers."
Main image credit: Bigstock