Do Organisations Face A Security Risk From Apps?

Yesterday we looked at the growing area of Shadow IT within organisations. We concluded that even though Shadow IT has the potential to be a force for good, there is still a significant threat posed by the usage of apps that do not align with a company’s security, compliance, reliability, documentation or control.

How much of a threat do mobile apps now pose? Is it true that a small device used incorrectly could rapidly become the biggest security hole in a company? The advent of BYOD certainly opens up companies to threats that may slip through the network cracks because of employee negligence or lack of understanding.

Companies need to understand that a BYOD culture will inevitably open them up to security challenges. For example, the 400+ million Android devices in operation doesn’t only mean big money for Google but also means big money to app makers, and unfortunately, criminals. However, although surveys in all industries regularly show criminals will target the companies, systems and platforms with the most users, who is actually more of a threat to an organisation, criminals or employees?

According to a Ponemon Institute study, a company’s own employees are certainly the biggest threat to company data – they say one third of all data breaches are internal and accidentally caused by workers. Employees risk losing data when their devices are stolen or not sufficiently secured from data-stealing malware – for example, it is predicted that only 20% of Android-based devices have security apps installed, while smartphones and cell phones make up 30 to 40 percent of all robberies in major North American cities, accounting for 27,000 thefts.

The same study also shows that employee negligence is the root of many data breaches – this category includes connecting to unsecure wireless networks, downloading and installing unapproved apps, and visiting malicious websites. Mobile Malware can do a lot of harm to a business – information-stealing malware, one of the most prevalent Android malware types can log, steal, and publish almost everything an employee does on their mobile. When half of business leaders say they frequently use the same password for personal web applications as they do for sensitive work applications, it is paving the way for a major data breach.

BYOD also means many IT organisations are not fully aware of which cloud applications are in use across the enterprise, making it difficult for them to monitor and control user access to mission-critical applications and data. With half of all mission-critical applications expected to be running in the cloud by next year, it is vital that companies put in place the right processes to mitigate any risks. Jackie Gilbert, Vice President of Sailpoint, a leading management solutions provider, recently claimed that “Just 34 percent of companies bring IT staff into the vendor selection and planning process when a cloud application is procured without using an IT budget, and more than 14 percent of business leaders said they have no way of knowing if sensitive data is stored in the cloud at all”. It suggests a serious lack of visibility and control that can greatly increase an organisation’s risk of security breaches.

Which apps specifically pose the biggest risk to organisations? Which most frequently violate IT policy? Stay tuned for a special report that we will release on CloudTweaks.com tomorrow.

By Daniel Price

Recovery Experts.png
Answer To Everything.png
Holiday Access.png
The Report.png
Kerry Leigh Harrison
Top Challenges of User Onboarding for Mobile Apps There’s nothing more frustrating than seeing that someone has downloaded your app and then uninstalled it. However, 80% of users will drop an app if they don’t ...
Jim Fagan
Submarine Fiber Life Extension There has been no lack of media attention given to the fact that Big Tech is building private subsea cables. Big cloud providers like Google, Facebook, Amazon and Microsoft have invested ...
Matthew Groves
NoSQL and the Media NoSQL is becoming the must have for organizations needing to manage data in ways that traditional relational databases were just not designed for. What has the industry media been saying about ...
Shireesh Thota
Here’s How to Position Your Organization for the Era of Data Intensity We live in a data-intensive era. Data is booming. Companies are realizing that data is one of the most important assets and they ...
Tosin Vaithilingam
Amid economic uncertainty lies opportunities Lately, it seems that each day brings news of more economic uncertainty. Companies that have been navigating the pandemic for the past two and a half years have been suddenly ...