By Jon Samsel, senior vice president of global marketing at Verimatrix (www.verimatrix.com)
There are a lot of savvy CISOs that recognize their company’s mobile apps are not typically as secure as other facets of their IT infrastructure. So, what do they do? They’ll often beef up the related server firewalls. But’s that all too often where extraordinary cybersecurity measures end in regard to mobile apps and their connection to its business’s assets. Unfortunately, we already see how this lackluster mindset surrounding mobile app security has led to criminals taking full advantage. But why?
Enterprise security and all of its countless accoutrements have received continual and escalating attention for decades now. A business’s internal data, customer information and intellectual property have enjoyed year upon year of greater attention in regard to their protection let alone their value to threat actors looking to take advantage through a wide variety of attack pathways.
Unlike enterprises, mobile apps have of course not been around forever. They’re only about 15 years old, give or take. And the way businesses used mobile apps at first was wildly different than say CRM, HR or accounting systems. Those systems were core to the business. Mobile apps were thought of as a fun offering for consumers at first. After all, the inaugural Android mobile app was named Angry Birds.
Little did most of us know at that point that mobile apps could become the difference between life or death, control our investments, enable medical care, organize our daily schedule, and get us onboard an aircraft, just to name a few capabilities. They were ultimately bound to become somehow linked to nearly every part of our lives. And that’s where we find ourselves today.
However, even with a huge emphasis on vulnerabilities, patching and constant monitoring for enterprise security, why is it the same companies don’t talk about their mobile apps being a pathway for criminals to get inside their business. Newsflash, it’s happening – almost underneath the noses of many IT leaders. Threat actors are now actively getting inside businesses via that business’s own mobile app. Yet most companies either create or outsource the development of an app that’s important if not central to their enterprise but do little to continually monitor its activity, discover unauthorized access/actions, and remediate it in real time.
Mindsets will likely soon change. At their onset, mobile apps were not nearly as critical to a business or connected to as much critical company or user data. Today, a mobile app can even serve as the core of a thriving enterprise. In many ways, an app is the business – it wouldn’t exist otherwise. Thus, the priority to gain insight into how criminals can exploit weaknesses in an app is key. And with potentially millions upon millions of users of a single app, that company needs two-way communication with what each downloaded app is doing. Companies already do this with employee data and others – they will soon be bolstering their mobile app security and intelligence when more and more headlines show how bad actors are taking this new path into the enterprise back door.
Popular security sectors such as authentication and email were closely tied to business requirements from the get-go, resulting in rapid implementation of cybersecurity measures. While mobile apps didn’t initially hold the same level of importance for many businesses, they are now becoming crucial due to the sheer number of users downloading and interacting them. With billions of apps and users on countless unmanaged devices, the cyber risks associated with this vast ecosystem will be significant if security measures continue to be neglected.
Jon Samsel serves as senior vice president of global marketing at Verimatrix (www.verimatrix.com), an award-winning innovator in mobile app security.
