Can enterprises keep mobile security threats from driving customers away?

David Geer | Jan. 6, 2016

By building intelligent IDS/IPS into an app from the ground up, an enterprise can enable apps to be self-defending against any malicious use of their capabilities.

A 2015 mobile app survey from Bluebox Security supports the notion that most consumers would turn away from a vendor whose mobile app is compromised and take their business elsewhere.

The vast majority (80 percent) of consumers surveyed said that they would stop patronizing a company if its mobile app was compromised in a breach, according to the Bluebox Mobile App Survey results. Participants in the 2015 survey include approximately 400 consumers and 300 developers.

The vulnerabilities that lead to mobile app breaches lie as much or more in the mobile OSs as in the apps. More than 1 billion devices running affected Android and iOS operating systems were vulnerable to the Stagefright attack this year, according to Adam Ely, CSO, Bluebox Security. That number is based on the install base of mobile devices with the vulnerable OSs. “That makes mobile the next big security threat vector,” says Ely.

CSO covers how to help enterprises curtail these breaches and keep consumers from running to competitors.

The source of mobile threats, consumer sentiment

The attacks on Stagefright targeted core mobile OS vulnerabilities in the Android media playback engine architecture. In the case of XcodeGhost, an attacker added malware to a pirated copy of Xcode, which developers use to build iOS applications. “When developers used this hacked version of Xcode to build their iOS apps, it automatically injected malware into the app,” says Ely. The fact that developers were using a version of Xcode, albeit a hacked version, to build their apps meant that the App Store would readily clear the app and host it as a clean app.

“Apple has patched more than 120 security flaws since it released iOS 9,” says Ely. When the vulnerability is in the mobile OS, how can mobile app developers ensure the security of their apps?

Consumers are responding to the unassailable evidence of seemingly unstoppable affronts to their mobile activities and transactions. “In our private conversations with our customers, we found that they were starting to get more inquiries from consumers in the last six to 12 months about security, data privacy, and what’s going to happen with their data. This was something that two years ago most consumers never asked about,” says Ely.

High-profile data breaches and reported unnecessary mobile app risks are leading consumers to consider the gravity of the threat to their PII to the point of developing their own plans of action in the event of further breaches. If an enterprise can’t ensure mobile application security, customers will respond by clicking elsewhere. “I can buy something at Target, Wal-Mart, Amex, Jet, wherever I want, so there’s a very low switching cost, so consumers have the ability to take a matter into their own hands,” says Ely.

 
