These days, it would appear as if every business has become a software business. Organisations of all kinds and sizes are growing increasingly dependent on automation, which in turn creates a need for software to be safe and stable in an increasingly complex environment.
“Insecure or vulnerable code is fast becoming a major security risk, and therefore becoming a top business risk too,” says Lutz Blaeser, MD of Intact Software Distribution. “It is foolhardy on every level to ignore this risk while spending fortunes on security measures such as firewalls and anti-malware, neither of which is effective in protecting applications.”
According to him, software development today needs ongoing application security, to go hand-in-hand with ongoing integration, delivery and deployment. “The problem is, even well thought out application security measures can’t always operate at the speed and scale that is needed.”
Blaeser says securing mobile apps needs harsher regulations when it comes to disk encryption. “There are several problems that cause vulnerabilities which are unique to mobile apps, and there are some measures businesses can take to protect themselves against them.”
There is an increased interest in hacking mobiles, he adds. “Cyber crooks are constantly on the lookout for new ways to get a toehold in a company, and are realising that targeting vulnerabilities in mobile device security can help them accomplish this more easily than by other means.”
Coupled with this, it is well known that there are far more strains of malware written for the Android platform, with fewer for Windows, and even fewer again for iOS. “In comparison to computers, mobile security is still relatively in its infancy,” Blaeser says.
Next he cites application vulnerabilities. “Vulnerabilities can be found in even the most reputable app stores, and the less reputable ones have little to no testing and control. Add to that that the vast majority of users never bother to thoroughly check which permissions the app asks for, just clicking willy nilly on the install button without vetting the app at all. There are often weaknesses in the underlying code which can also be a portal for cyber criminals to access the devices.”
Speaking of what businesses can do to protect themselves, he says organisations should make sure that all staff protect their phones. “This means using a biometric, pattern or a password to access their devices. They should also forbid rooting or jailbreaking and unauthorised applications as well.”
To better secure company data, businesses need to encrypt mobile data and give their security team the tools to block and wipe company devices remotely should they be lost or stolen. Blaeser also advises making sure that any transactions are secure.
“Staff access on their mobiles to enterprise services can be restricted. So can the ability to execute any mobile transactions. This can be based on who the employee is, how secure their mobile is, where they are transacting from, and from which network. Enforcing principles of least privilege works in this situation too.”
Mobile devices such as laptops, tablets, phones and even wearables are the vector for threat actors to find their way into your organisation. Guaranteeing that your bring your own (BYO) environment is safe means that businesses need to continually assess their security systems, tools and policies, Blaeser concludes.