May 09, 2018
Mobile application security is becoming an increasingly important factor for consumers. Arxan’s recent ‘Annual State of Application Security Report’ revealed that nearly half of application users (48%) expect their apps to be hacked within the next six months and 82% of users would change providers if they knew alternative apps were more secure. Today I’m looking at four things your organisation can do to improve mobile app security and mitigate the risks associated with insecure application development.
1) Aim Higher than the Regulators
While you may look to regulatory bodies as the standard that you aspire to in terms of your own application security, Arxan identified that apps approved by trusted sources (such as the NHS in the UK) are actually no more secure than unapproved apps. Regulatory bodies always lag behind cyber criminals as they are traditionally slow to react to the latest security threats and vulnerabilities. Rather than treating regulatory bodies as the security standard that you aim for, set your bar higher and work to consistently exceed their security levels by implementing security best practices throughout the development process.
2) Identify Key Weaknesses – Then Strengthen Them
The OWASP Mobile Top 10 lists the ten most common vulnerabilities found in mobile applications. The list represents a consensus among many of the world’s leading information security experts and provides valuable guidance to help you mitigate common mobile application security risks. Consulting the OWASP Mobile Top 10 will help you to identify the biggest weaknesses in your application security, the ones that can have the most significant impact on your application. For example, Arxan’s study assessed the vulnerabilities of 126 mobile apps in the US, UK, Germany and Japan and revealed that 90% were not adequately addressing two or more of the OWASP Mobile Top 10 risks. But if you know what the most common vulnerabilities are, you should be able to guard against them in the development process.
3) Make Security a Competitive Advantage
Arxan’s study showed that 82% of users would change providers if they knew that similar, alternative applications were more secure. Therefore, it’s clear that application security is an increasingly important factor for consumers – and something your organisation should prioritise in order to avoid a mass customer migration in the event of a security breach. Implementing security best practices in your application development process and prioritising application security can become a competitive advantage, helping you to attract and retain customers. If your application is shown to be more secure than your main competitor’s and you become known as the provider of the most secure mobile applications in your sector, that will be a significant deciding factor for customers when they make a purchasing decision.
4) Align Spending with Risks
Worryingly, Arxan found that 50% of organisations have zero budget allocated for mobile app security. For the other 50%, the majority of their spending goes into securing the network layer. However, IBM and Ponemon research revealed that the majority of security risks occur at the application layer, rather than the network layer. This highlights a disconnect between the perceived security threats and true vulnerabilities. Therefore, it is vital that your organisation invests its mobile app security budget in securing against real, rather than perceived, threats.