Do Organisations Face A Security Risk From Apps?

Yesterday we looked at the growing area of Shadow IT within organisations. We concluded that even though Shadow IT has the potential to be a force for good, there is still a significant threat posed by the usage of apps that do not align with a company’s security, compliance, reliability, documentation or control.

How much of a threat do mobile apps now pose? Is it true that a small device used incorrectly could rapidly become the biggest security hole in a company? The advent of BYOD certainly opens up companies to threats that may slip through the network cracks because of employee negligence or lack of understanding.

Companies need to understand that a BYOD culture will inevitably open them up to security challenges. For example, the 400+ million Android devices in operation doesn’t only mean big money for Google but also means big money to app makers, and unfortunately, criminals. However, although surveys in all industries regularly show criminals will target the companies, systems and platforms with the most users, who is actually more of a threat to an organisation, criminals or employees?

According to a Ponemon Institute study, a company’s own employees are certainly the biggest threat to company data – they say one third of all data breaches are internal and accidentally caused by workers. Employees risk losing data when their devices are stolen or not sufficiently secured from data-stealing malware – for example, it is predicted that only 20% of Android-based devices have security apps installed, while smartphones and cell phones make up 30 to 40 percent of all robberies in major North American cities, accounting for 27,000 thefts.

The same study also shows that employee negligence is the root of many data breaches – this category includes connecting to unsecure wireless networks, downloading and installing unapproved apps, and visiting malicious websites. Mobile Malware can do a lot of harm to a business – information-stealing malware, one of the most prevalent Android malware types can log, steal, and publish almost everything an employee does on their mobile. When half of business leaders say they frequently use the same password for personal web applications as they do for sensitive work applications, it is paving the way for a major data breach.

BYOD also means many IT organisations are not fully aware of which cloud applications are in use across the enterprise, making it difficult for them to monitor and control user access to mission-critical applications and data. With half of all mission-critical applications expected to be running in the cloud by next year, it is vital that companies put in place the right processes to mitigate any risks. Jackie Gilbert, Vice President of Sailpoint, a leading management solutions provider, recently claimed that “Just 34 percent of companies bring IT staff into the vendor selection and planning process when a cloud application is procured without using an IT budget, and more than 14 percent of business leaders said they have no way of knowing if sensitive data is stored in the cloud at all”. It suggests a serious lack of visibility and control that can greatly increase an organisation’s risk of security breaches.

Which apps specifically pose the biggest risk to organisations? Which most frequently violate IT policy? Stay tuned for a special report that we will release on CloudTweaks.com tomorrow.

By Daniel Price

Anita Raj

Can the cloud handle the streaming explosion caused by the pandemic?

The Streaming Digital Explosion From the time the coronavirus forced the global community to stay at home, a whopping 16 million people have newly subscribed to Netflix, which is more than double the number the ...
Juan Pablo Perez Etchegoyen

The S/4 HANA Decade is Here: Three Tips for a Successful Migration

Three Migration Tips For organizations using SAP, migrating to S/4 HANA is a project that’s either in the works or on the horizon as the 2027 deadline for completion looms. The new generation of SAP ...
Hacker Cloud

Pandemic and Cybersecurity: Top Threats to Businesses

Pandemic and Cybersecurity The worldwide spread of the COVID-19 virus is coming to naught (or at least we hope so). But the impact that this virus produced on the whole world, and specifically on businesses, ...
Sangeeta Chhabra

Leverage DaaS To Solve Challenges of Remote Work

Solve Challenges of Remote Work In the past one year of Coronavirus (COVID-19), we have seen it all: An ailing world economy, dramatic changes in the political structure of many countries, and, most prominently, a ...
Jen Klostermann

Enterprises Starting To Embrace Blockchain-as-a-Service (BaaS)

Blockchain as a Service (BaaS) Many global companies have already implemented Blockchain-as-a-Service (BaaS) into their cloud offerings. There isn't any question that offering BaaS can serve as a differentiator for many companies. Not to mention, ...
Digital Theft

Cross-Site Scripting – Why Is It A Serious Security Threat For Big Data Applications?

Security Threat And Big Data Applications (Updated August 11th, 2020) IBM, Amazon, Google, Yahoo, Microsoft - and the list goes on. All these leading IT enterprises have been affected by Cross-Site Scripting (XSS) attacks in ...