Many businesses are not taking adequate steps to protect their mobile and bring your own device (BYOD) environments from cyber attacks, new research has discovered.
A study by IBM and the Ponemon Institute revealed that mobile threats are on the rise, which should be a serious concern to enterprises as more operations are conducted via smartphones and tablets. It found that at any given time, around 11.6 million mobile devices are infected with malicious code.
But despite this, more than half of large companies do not devote any financial resources directly to mobile security. As a result, hackers are increasingly taking advantage of insecure mobile apps to break into both corporate-owned and personal devices that may store valuable company data.
What's more, these devices are increasingly viewed by criminals as a gateway into an organisation's wider internal networks, so shortcomings in mobile security could have much wider-reaching implications than many businesses realise.
Enterprises are not only vulnerable through third-party apps: the research also found many companies are not taking the right precautions to secure the apps they build themselves for internal or customer use.
IBM and the Ponemon Institute's research found the average large enterprise spends $34 million (£23 million) every year on developing mobile apps. However, only 5.5 per cent of this amount goes towards ensuring these programs are secure prior to being released.
The typical company only tests half of the apps it builds for security, while one in three firms admit to never testing their mobile developments, which could leave a wide range of potential entry points available to hackers. Even among companies that do scan for vulnerabilities before deploying apps to the market, only 15 per cent test their apps as frequently as needed to be effective.
Caleb Barlow, vice-president of mobile management and security at IBM, commented: "Building security into mobile apps is not top of mind for companies, giving hackers the opportunity to easily reverse engineer apps, jailbreak mobile devices and tap into confidential data.
"Industries need to think about security at the same level on which highly efficient, collaborative cyber criminals are planning attacks."
One reason for the failure to focus on security is that businesses are giving a higher priority to the speed of development and creating a user-friendly experience. The study found 65 per cent of organisations stated the security of their apps is put at risk because of customer demand or need, while 77 per cent cited 'rush to release' pressures as a primary reason why mobile apps contain vulnerable code.
Businesses also need to be aware of the unique challenges posed by BYOD, as the risks increase when employees are using personal devices to access resources from outside the office.
Particular challenges arise when employees connect to unsecured networks or download apps from untrusted sources, which can leave their device vulnerable to malware. The study's findings suggest even apps from trusted organisations and available in traditional app stores can carry significant risks.
This is a factor many firms have yet to respond to. Even though most employees say they are heavy users of apps, over half (55 per cent) state their organisation does not have a policy which defines the acceptable use of mobile apps in the workplace. Additionally, more than two-thirds of companies allow employees to download non-vetted apps to their work devices.