Page 33 - index
P. 33
Moving Security From the Mobile Back Burner
With consumer and enterprise mobile app revenues estimated to grow to over $60 billion by
2016, mobile applications will continue to be an increasingly attractive target for
cybercriminals and hactivists.
In the past year, both large and small enterprises have embraced the BYOD phenomenon
and adopted a “Mobile First” strategy that has resulted in fast tracked development and
deployment of applications across a diversity of mobile computing platforms.
One fact is clear, the App Economy is under attack by hackers, with tens of billions of dollars
at risk for mobile app owners whose apps are subject to emerging threats such as reverse-
engineering and tampering.
According to our own recent research 56 percent of the top paid iOS apps and 100 percent
of the top paid Android apps were hacked in 2013. That is very disconcerting considering
that many employees have dozens or more apps downloaded to their mobile devices and
expect to use their personal devices at work.
A successful attack has serious consequences with companies suffering malware/exploit
injection, fraud risk, revenue loss, IP theft and even long term brand damage.
Consequently, one of the biggest trends for 2014 will be the need for in-app protection to be
prioritized early in the development cycle and not baked in as an afterthought. This has been
a very dangerous market trend.
With so much pressure on app developers to produce feature heavy apps in a compressed
timeframe, corners can get cut when it comes to protecting internal controls, IP and critical
business logic that are the core of an application’s integrity.
Furthermore, the Open Web Application Security Project (OWASP) recently updated its list
of top mobile application security risks for 2014 to include “lack of binary protection”, which in
turn, underlines the industry need for true enterprise-grade mobile app security and
advanced binary code protection.
In 2014 we need a new approach to security that not only allows developers to satisfy the
demand for features but also empowers them to produce innovative mobile applications that
are inherently secure. Mobile devices and mobile device management solutions cannot be
fully trusted.
Security needs to be incorporated directly into the application with the self-defense and
tamper resistant attributes prior to deployment to ensure security controls are in place prior
to “in the wild” distribution.
Having worked with mobile enterprise leaders in the financial services sector, I know they
understand the strategic imperative of not deploying their apps without integrity protection.
This is an extremely important sector as smartphone penetration worldwide increases and
the demand for innovative mobile payment apps grows. Our recent research found 53
33 Cyber Warnings E-Magazine – April 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
