Page 29 - Cyber Warnings







Something Must Be Done

Even without experiencing cyberattacks on their apps, about 80 percent of health app users
would change providers if their apps were known to be vulnerable or if alternative apps that
incorporated improved security protection were available.


Interestingly, more than 75 percent of mobile health app executives also believed that users
would change providers if they knew their apps were insecure or if a similar provider offered a
more secure mobile app.


Ignorance Must Be Bliss

There were more than 3 billion mobile health apps downloaded in 2015 from major app stores,
according to “The 2015 mHealth App Developer Economics Study.”


As noted by this research, if health app users actually knew how vulnerable their apps are, there
would be a mass exodus of users fleeing to health care organizations that develop more secure,
trusted mobile apps.



What Can Be Done to Improve Application Security?

For Health Care Organizations

Set your security bar above the regulators. Regulatory bodies lag behind the
current activities of cybercriminals, and they likely always will.

Apps approved by trusted sources such as the FDA are often no more secure than
unapproved apps.

As previously stated, 84 percent of the FDA-approved apps had at least two critical OWASP
Mobile Top 10 risks.

Strengthen the weakest links. Address elements of the OWASP risks that are being
neglected.

For example, 79 percent of the apps tested had a transport layer vulnerability and 97 percent
lacked binary code protection — the most prevalent security vulnerability identified.

Make security a competitive advantage. Market the strength of security you offer to attract
and retain your customer base.

Align spending with risks. The mobile insecurity study revealed that security spending is
not allocated in proportion to where the risk is.

While the majority of risks are at the application layer, there is relatively little application-focused
spending, particularly when compared to the network-focused spending.



29 Cyber Warnings E-Magazine – February 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
