Virtual Event Today: Supply Chain Security Summit - Join Event In-Progress

Security Experts:

Connect with us

Hi, what are you looking for?


Mobile & Wireless

Mobile Apps Are Replacing the Web – Is Your Enterprise Ready?

We know mobile is quickly changing the way we do business and now it’s also beginning to replace the web.

We know mobile is quickly changing the way we do business and now it’s also beginning to replace the web. A recent Gartner study shows that 86 percent of users are now using mobile apps compared to the 14 percent still using mobile browsers. The trajectory is very clearly shifting from web to mobile and as CISOs, we really need to reevaluate if we are ready to properly secure and protect mobile applications from threats.

A recent study showed that this year, mobile users actually surpassed desktop users. The “mobile first” trend has finally arrived and it’s coming in at full force.

Whether we like it or not, BYOD is here and being adopted in most organizations. As security practitioners, we’ve been looking the other way when it comes to mobile threats and focusing on device management, while still trying to get our heads wrapped around the BYOD concept.

Enterprise Mobile ThreatsOrganizations have hundreds – even thousands – of devices (both corporate-owned and BYOD) being utilized daily. Employees download both third party and internal apps, and access corporate data with them, leaving corporate data at risk.

Now, we are in a situation where we have to catch up and address the application level threats that persist in mobile. This is not uncharted territory though; this has happened before in web apps. We were so focused on firewalls and server patching that we started putting sensitive data in unsecure apps. It was taking us days, even weeks, to protect the data in compromised apps.

Mobile is now experiencing the same problem. Developers are creating apps and hoping they are secure but can’t be positive that the assets are privately protected. Gartner reports that by 2015, 75 percent of mobile apps will fail basic security tests.

This shift to mobile exposes a major fault that needs to be addressed and security practices must address mobile threats as well. We must wrap our security development life cycle around mobile development to ensure we are protecting corporate data.

Everyone likes to think this is someone else’s problem and none of us wants to be the first. Unfortunately, we are already seeing breaches with companies like Walgreens, eHarmony, Fandango, Delta, Walmart, Facebook, and more. If you do a quick Google search of security breaches within the past nine months, the aforementioned enterprises have all had mobile security issues.

The companies responded appropriately and quickly to the attacks in order to contain the damage. However, we can all learn from their mistakes. This is no longer a hypothetical situation; mobile security is a real problem with real consequences for both individuals and organizations. We are seeing sophisticated organizations making huge profits off of mobile attacks. For example, Eurograbber managed to acquire $47 million through mobile attacks.

What can you do to protect your organization from being vulnerable to a threat during the transition to mobile? Below are a few suggestions.

First, get involved. Become part of the mobile development life cycle, just as much as you’re involved with application security projects. The first step is always to be aware of what apps your organization is developing and what risk those apps pose. As your organization changes and becomes more efficient, are employees utilizing different apps? Know your users.

Secondly, implement best practices for your organization. Follow OWASP’s top 10 mobile risks and the remediation for those risks is a great start. This covers everything from data encryption to preventing man-in-the-middle attacks to client side injection.

Lastly, ensure your third party apps are secure and as Gartner recommended, implement RASP (Run Time App Security Protection).

Although the shift to mobile is happening quickly, we don’t have to be a victim of another mobile attack. As CISOs, we can keep our organization’s data protected by staying ahead of the mobile curve and making mobile security a priority for both IT and the organization.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...


Pig Butchering, also known as Sha Zhu Pan and CryptoRom, is an ugly name for an ugly scam.