We are pleased to present the findings of The State of Mobile Application Insecurity sponsored by IBM. The purpose of this research is to understand how companies are reducing the risk of unsecured mobile apps in the workplace.
Ponemon Institute surveyed 640 individuals involved in the application development and security process in their organizations on the following topics:
- Why mobile application security eludes many organizations.
- The difficulty in controlling employees’ risky behaviors.
- Are organizations taking the right steps to secure mobile apps?
As shown in Figure 1, 77 percent of respondents rate the level of difficulty in securing apps as very high. Only 7 percent of respondents believe it is easy or a “piece of cake.” Following are six findings that reveal the state of mobile application insecurity:
1. The “rush to release” results in mobile apps that can have vulnerabilities. Sixty-five percent of respondents say the security of mobile apps is sometimes put at risk because of customer demand or need. Thirty-eight percent of respondents say their organizations do not scan for vulnerabilities.
2. Mobile apps are often tested infrequently and too late. Most respondents (55 percent) say they do not test apps or they are unsure. Mobile apps are rarely tested in production. Most often they are tested in development or post-development.
3. Malware-infected mobile apps and devices will increase. Sixty-one percent of respondents say their organizations will need to address the growing risk of malware-infected mobile apps. However, only 29 percent of respondents say their organization has ample resources to prevent the use of vulnerable or malware-infected mobile apps.
4. Not enough is spent on mobile app security. While an average of $34 million is spent annually on mobile app development, only 5.5 percent, or $2 million, is allocated to mobile app security.
5. There is a dearth of trained and expert security professionals. Only 41 percent of respondents say their organization has sufficient mobile application security expertise.
6. Organizations lack policies that provide guidance on employees’ use of mobile apps. The findings reveal most employees are “heavy users of apps,” but 55 percent of respondents say their organization does not have a policy that defines the acceptable use of mobile apps in the workplace.