If you think enterprise security is a tough job I have bad news for you; thanks to mobile apps, it will undoubtedly get a lot tougher.
Here’s the problem: while there are well-managed app stores from vendors such as Apple and Google and a handful of other vendors, there are scores of less controlled and monitored app “stores”springing up (including those run by the bad guys). In these environments, the security and authenticity of apps can range from good to nonexistent and —no surprise here —these stores are irresistible to hackers.
…hacked 78% of the top 100 paid Android and iOS apps in 2013…[and] Arxan found hacked versions of 100% of the top 100 paid apps for Android and 56% of the top 100 paid apps for iOS…The research unveiled cracked versions of popular financial apps to be at 53% for Android and 23% were Apple iOS hacked variants.
Arxan further pointed out:
Traditional application security practices alone, including safe coding practices, are no longer sufficient to protect mobile applications from these new binary vulnerabilities, as even flawless code can be reversed, modified, manipulated at run-time, or repackaged and distributed. With so much riding on pristine execution of applications, and so small a barrier for hackers to compromise the integrity and confidentiality of the applications, businesses are at significant risk for brand compromise, intellectual property loss or financial damage unless they include App Hardening and Run-Time Protection in their security approach.
In other words, if you thought desktop apps carried some serious risks from being compromised, mobile apps are arguably already orders of magnitude more dangerous to security and privacy. Why? Because they cross the organizational “envelope”more frequently and far more casually, making financial and intellectual property theft, as well as data breaches, far easier and more likely.
Amazingly, according to Verizon’s 2014 Data Breach Investigations Report, 92% of the attacks on 50 global organizations studied were due to only nine patterns of attack. This means that defending against the majority of attacks is practical and achievable.
IBM has partnered with Arxan Technologies to offer Arxan Application Protection for IBM Solutions, which combines Arxan’s App Hardening and Run-Time Protection with IBM’s AppScan technology. Combine a solution like this with enterprise-grade mobile device management and mobile access management and your organization will stand a chance against the bad guys.