Do Organisations Face A Security Risk From Apps?

Yesterday we looked at the growing area of Shadow IT within organisations. We concluded that even though Shadow IT has the potential to be a force for good, there is still a significant threat posed by the usage of apps that do not align with a company’s security, compliance, reliability, documentation or control.

How much of a threat do mobile apps now pose? Is it true that a small device used incorrectly could rapidly become the biggest security hole in a company? The advent of BYOD certainly opens up companies to threats that may slip through the network cracks because of employee negligence or lack of understanding.

Companies need to understand that a BYOD culture will inevitably open them up to security challenges. For example, the 400+ million Android devices in operation don’t only mean big money for Google; they also mean big money for app makers and, unfortunately, criminals. Surveys in all industries regularly show that criminals will target the companies, systems and platforms with the most users, but who is actually more of a threat to an organisation: criminals or employees?

According to a Ponemon Institute study, a company’s own employees are certainly the biggest threat to company data: the study says one third of all data breaches are internal and accidentally caused by workers. Employees risk losing data when their devices are stolen or not sufficiently secured against data-stealing malware. For example, it is predicted that only 20% of Android-based devices have security apps installed, while smartphones and cell phones make up 30 to 40 percent of all robberies in major North American cities, accounting for 27,000 thefts.

The same study also shows that employee negligence is the root of many data breaches. This category includes connecting to unsecured wireless networks, downloading and installing unapproved apps, and visiting malicious websites. Mobile malware can do a lot of harm to a business: information-stealing malware, one of the most prevalent Android malware types, can log, steal, and publish almost everything an employee does on their mobile. When half of business leaders say they frequently use the same password for personal web applications as they do for sensitive work applications, the way is paved for a major data breach.

BYOD also means many IT organisations are not fully aware of which cloud applications are in use across the enterprise, making it difficult for them to monitor and control user access to mission-critical applications and data. With half of all mission-critical applications expected to be running in the cloud by next year, it is vital that companies put in place the right processes to mitigate any risks. Jackie Gilbert, Vice President of Sailpoint, a leading management solutions provider, recently claimed that “Just 34 percent of companies bring IT staff into the vendor selection and planning process when a cloud application is procured without using an IT budget, and more than 14 percent of business leaders said they have no way of knowing if sensitive data is stored in the cloud at all”. This suggests a serious lack of visibility and control that can greatly increase an organisation’s risk of security breaches.

Which apps specifically pose the biggest risk to organisations? Which most frequently violate IT policy? Stay tuned for a special report that we will release on CloudTweaks.com tomorrow.

By Daniel Price
