Recent research by Gartner has found that in 2015, the majority of mobile applications across all operating systems will not be equipped with basic business-acceptable security protocols, creating major issues in the enterprise as bring-your-own-device (BYOD) policies become increasingly common.
According to Gartner principal research analyst Dionisio Zumerle, 90 percent of companies use third-party commercial applications through their BYOD strategies, and 75 percent of mobile applications will not pass basic security tests next year.
"Enterprises that embrace mobile computing and bring-your-own-device strategies are vulnerable to security breaches unless they adopt methods and technologies for mobile application security testing and risk assurance," said Zumerle in a statement. "Most enterprises are inexperienced in mobile application security. Even when application security testing is undertaken, it is often done casually by developers who are mostly concerned with the functionality of applications, not their security."
Enterprises put at risk by shady mobile apps
The applications downloaded by employees from online stores can usually access enterprise assets or perform business functions yet have hardly any security assurances, according to the report. Because of their lax cybersecurity, these applications are major targets for cybercriminals and put companies' systems at risk. Currently there are three attacks aimed at mobile devices for every one attack on a desktop.
In the report, Gartner suggested that in addition to static application security testing and dynamic application security testing, new tests based on behavioral analysis will be important in the near future. These types of tests would monitor the graphical user interface and the applications running in a device's background in order to detect suspicious behavior. Enterprise mobile devices communicate with company servers to access applications and databases, so failing to protect those privileged systems risks the loss of hundreds of thousands of users' information from compromised databases.
As organizations continue to rely heavily on technology to accomplish business functions, cybercriminals are going to increasingly target enterprise systems through any means available. There is a growing need for companies to implement defense techniques that keep sensitive systems from being exposed by malicious mobile applications, and the most reliable approach is to employ a security information and event management (SIEM) solution. SIEM services offer network monitoring that provides businesses with actionable threat intelligence, which can be used to build a more comprehensive picture of the current threat landscape and protect against a wide array of attacks originating from anywhere in the network.