Mobile Apps and Sites Continue to Leak Sensitive Data
New research from mobile data security and management firm Wandera has revealed that high-profile apps and mobile websites are continuing to leak sensitive data.
The Mobile Data Report Q1 2016 discovered that the number of apps and sites that are failing to secure credit card information has increased by 17% in the first quarter of 2016, compared to the final three months of last year.
Furthermore, Wandera found an alarming surge in the amount of malicious domains visited by users. A massive 200% increase per month through the quarter was attributed to a concerning rise in ad frameworks used within apps and websites that are directing users to domains with a history of malicious activity.
“The report illustrates that despite their best efforts in avoiding malware, for instance through identifying phishing attacks, users are unfortunately being caught unawares by compromised ad frameworks in trusted apps,” said Eldar Tuvey, CEO of Wandera.
“App owners themselves are not directly responsible for the adverts that may appear within their apps, as they come from the frameworks, so CIOs must help their employees with further detailed education on what may constitute a compromised ad,” he added.
Perhaps unsurprisingly, half of the top 10 data consuming apps accessed on enterprise devices were non-work-related, with Facebook, Instagram, Twitter and WhatsApp all proving popular, suggesting companies are failing to control the app usage of their employees.
“CIOs need to be appreciative of how non-work-related apps such as Facebook and Snapchat are swallowing up huge portions of corporate data allowances, leaving an enterprise at risk of bill shock. Usage rules and education are the most effective means of minimizing excessive consumption of data,” said Tuvey.
On a more positive note, the report did find that encryption is on the up with 70% of the data from apps now encrypted, an increase of 21% in the last 12 months. Encryption of data within browsers has also risen, although this was by a less significant 13%. What this shows is that developers and brands are clearly recognizing the importance of encryption, even if there is still work to be done to ensure awareness continues to accelerate.
In a statement to Infosecurity Luis Corrons, PandaLabs technical director at Panda Security, explained that technological companies have been aware of the need for better encryption for a number of years, but issues such as implementation complexity and a lack of understanding have often prevented it being properly applied.
However, with the general public now demanding more products and services that guarantee their privacy, companies are becoming more willing to attract customers by satisfying those requests with better encryption, Corrons added.
“If we want to implement good layered security,” he continued, “one of these layers is undoubtedly encryption to all processes that work with critical information such as credentials, confidential documents, communications, etc. It will increase our security and is a must if we are possible targets of a cyber-attack – which is pretty much all companies these days.”
Source: Information Security Magazine