When you develop an app, probably the last thing on your mind is mobile app security. If that's the case, you're not alone. Providing secure access to data can be a daunting task if your development tools lack a framework for easily integrating mobile security. A new study funded by IBM says that almost 40 percent of enterprise-sized companies, including a number in the Fortune 500, don't bother to make sure that the apps they build for their customers are secure.
The study, done by the Ponemon Institute, found that it's not just mobile apps at risk in large companies. So are mobile devices. It concludes that "organizations are poorly protecting their corporate and BYOD mobile devices against cyber-attacks - opening the door for hackers to easily access user, corporate and customer data."
Mobile App Security: A Hard Look at Hard NumbersThe study contains some eye-opening facts. At any given time, it says, malware affects more than 11.6 million mobile devices, and the attacks are accelerating. The study looked at security practices in more than 400 large organizations and found that on average, companies test fewer than half of the mobile apps that they develop. Worse still: A full 40 percent of companies never test their apps for security.
More surprising still is that half of the organizations "were found to devote zero budget whatsoever towards mobile security." On average, the study says, each large company spends $34 million annually to develop mobile apps, but spends only 5.5 percent of that budget to secure those apps against hackers and security breaches.
Caleb Barlow, Vice President of Mobile Management and Security at IBM, warns, "Building security into mobile apps is not top of mind for companies, giving hackers the opportunity to easily reverse engineer apps, jailbreak mobile devices and tap into confidential data."
Why do companies spend so little time and energy on securing mobile apps and devices? A full 65 percent of companies reported in the study that "the security of their apps is often put at risk because of customer demand or need." And 77 percent said that "rush to release" pressures as were the main reason that mobile apps have vulnerable code.