Page 57 - CDM-Cyber-Warnings-March-2014
MOVING SECURITY FROM THE MOBILE BACK BURNER

With consumer and enterprise mobile app revenues estimated to grow to over $60 billion by 2016, mobile applications will continue to be an increasingly attractive target for cybercriminals and hacktivists. In the past year, both large and small enterprises have embraced the BYOD phenomenon and adopted a “Mobile First” strategy that has resulted in fast-tracked development and deployment of applications across a diversity of mobile computing platforms.

One fact is clear: the App Economy is under attack by hackers, with tens of billions of dollars at risk for mobile app owners whose apps are subject to emerging threats such as reverse-engineering and tampering. According to our own recent research, 56 percent of the top paid iOS apps and 100 percent of the top paid Android apps were hacked in 2013. That is very disconcerting considering that many employees have dozens or more apps downloaded to their mobile devices and expect to use their personal devices at work. A successful attack has serious consequences, with companies suffering malware/exploit injection, fraud risk, revenue loss, IP theft and even long-term brand damage.

Consequently, one of the biggest trends for 2014 will be the need for in-app protection to be prioritized early in the development cycle and not bolted on as an afterthought. Treating protection as an afterthought has been a very dangerous market trend. With so much pressure on app developers to produce feature-heavy apps in a compressed timeframe, corners can get cut when it comes to protecting the internal controls, IP and critical business logic that are the core of an application’s integrity. Furthermore, the Open Web Application Security Project (OWASP) recently updated its list of top mobile application security risks for 2014 to include “lack of binary protection”, which in turn underlines the industry need for true enterprise-grade mobile app security and advanced binary code protection.
In 2014 we need a new approach to security that not only allows developers to satisfy the demand for features but also empowers them to produce innovative mobile applications that are inherently secure. Mobile devices and mobile device management solutions cannot be fully trusted. Security needs to be incorporated directly into the application, with self-defense and tamper-resistant attributes added prior to deployment, to ensure security controls are in place prior to “in the wild” distribution.

Having worked with mobile enterprise leaders in the financial services sector, I know they understand the strategic imperative of not deploying their apps without integrity protection. This is an extremely important sector as smartphone penetration worldwide increases and the demand for innovative mobile payment apps grows. Our recent research found 53 percent of the Android financial apps reviewed had been “cracked” while 23 percent of the iOS financial apps were hacked variants.

Another area where I expect there to be real change in 2014 is in security education and awareness. Without a doubt, 2013 has been the year of the hack, and with more and more breaches being covered by the media and consumers expecting accountability, businesses need to stand up and pay attention to the threats posed to their businesses and customers. Awareness has certainly been raised. Now education, and a commitment to making security a core building block both for how companies develop new mobile technology and for how consumers make use of it, need to be the focus.

- Mike Dager, CEO of Arxan Technologies