Story image

Mobile threat landscape a minefield

05 Aug 2015

The mobile threat landscape is shifting, with new app vulnerabilities and threat vectors emerging, according to Appthority’s second Q2 2015 Enterprise Mobile Threat Report.

The report shows enterprises are depending more on mobile solutions for increased productivity, and adopting Bring Your Own Apps (BYOA) and Bring Your Own Device (BYOD) policies to protect against corporate security and privacy risks.

However, enterprises still need help understanding mobile security, Appthority says.

"Mobile technology is changing at lightning speed and enterprises need help navigating the rapidly evolving mobile threat landscape," says Domingo Guerra, Appthority president and co-founder.

“We uncovered some surprising trends related to malware, data sharing across geographic borders, and the lesser known but very prevalent threat of dead and stale apps."

In the Q2 2015 Enterprise Mobile Threat Report, Appthority analysed security and risky behaviours in three million apps and assessed how these risks are impacting enterprise environments.

The report covers iOS and Android apps found on both BYOD and enterprise-owned devices.

Key findings include:

Enterprise data crossing international borders: Appthority mapped the geographic flow of enterprise data and discovered that apps are sending PII (personal identifiable information) and other sensitive information all over the globe, often without the enterprise's knowledge.

The top iOS apps sent data to 92 different countries while the top Android apps sent data to 63 different countries.

The risk of the third party library: Overstretched enterprise app development teams increasingly rely on third party libraries and SDKs.

With no policy in place to analyse mobile app security, enterprise data is put at risk when one of those popular third party packages carries a major vulnerability, says Appthority.

Zombie apps, a threat that won't die: Zombie apps are apps that have been revoked by the app store and are no longer receiving security updates.

App stores are under no regulatory obligation to inform users of revoked apps, and Appthority's research shows that 100% of enterprises surveyed have zombie apps in their environments, leaving the door open for cybercriminals and other security threats to access sensitive data.

"The ongoing threat of zombie apps and stale apps continues to be an 'under the radar' threat to the enterprise," says Guerra.

"The solution to closing this threat window is really two-fold: app stores need to revamp their policy to include a mechanism for alerting end users that an app on their device has been revoked, and end users need increased education about the importance of making updates to their mobile apps as soon as they are available," he says.

Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.