Mobile App Security Risky Across Sectors
While mobile app security is an issue across all sectors, 50% of apps that come from media and entertainment businesses are putting users at risk. New research from BitSight found that a significant percentage of mobile apps across multiple industries have high-severity vulnerabilities.
“Mobile apps pose significant risks, such as data leakage, credential theft and unencrypted personally identifiable information when not properly secured,” Dan Dahlberg, technical director, Bitsight, said in an email.
Analyzing data from over 10,000 companies across the categories of business services, finance, tech, education and media, BitSight learned that more than half of the music, news, media, publishing and entertainment companies failed their high-severity tests. Over 10% of those media and entertainment apps that failed have unencrypted location data, which could allow attackers to access a user’s GPS location.
In addition, the research suggested that because one in four finance companies offers risky mobile apps, there is potentially higher risk of bank accounts being accessed without proper authorization.
“The Finance industry had the highest rate of broken SSL configurations (invalid TLS/SSL certificates): over 34% of applications that failed high severity tests in the Finance industry could be vulnerable to man-in-the-middle (MITM) and other attacks that can compromise data,” BitSight wrote in today’s blog post.
In the business services and education industry, 32% of the mobile apps BitSight tested are not encrypting end-user data, including the devices' IP addresses.
"Businesses need comprehensive, objective visibility into the security performance of the third and fourth parties they do business with. This includes understanding whether they offer apps that are predisposed to vulnerabilities, which could be detrimental to the entire vendor network, if compromised," Dahlberg wrote.
In related news, despite the woes of mobile app security the market is swiftly burgeoning. Today ABNewsWire announced that the global mobile application security market forecasts a compound annual growth rate (CAGR) of 25.96%. The new report, Application Security Market 2018 Global Analysis, Growth, Trends and Opportunities Research Report Forecasting to 2023, looks at what is both driving and restricting the demand of application security.
Source: Information Security Magazine