Application security, Endpoint/Device Security, DevSecOps

Security pros say mobile apps are ‘essential’ or ‘absolutely core’ to their business success

A person scans and downloads an app to start the process of converting their physical driver license to an official digital version to be stored on a mobile phone at a Harmons Grocery store on Aug. 4, 2021, in Salt Lake City, Utah. (Photo by George Frey/Getty Images)
Three out of four security pros say mobile apps a new "essential" to their success, Osterman Research found on behalf of Approov. (Photo by George Frey/Getty Images)

Osterman Research on behalf of Approov released a report on Thursday that found some three out of four security pros say that mobile apps are now “essential” or “absolutely core” to their success — a number that’s three times higher than two years ago.

The report also found that 75% of organizations report that run-time attacks against APIs that render mobile apps non-functional have proven costly to these businesses. Attacks include data theft and service interruption via API abuse, fake account creation, and credit card fraud.

In another important finding: 60% say that they don’t have visibility into runtime threats against mobile apps and APIs. And, roughly 50% said that for competitive reasons, their organizations may ship apps with known insecurities.

"We found that corporate reputation, customer trust, company value, regulatory breaches, and revenue are all now intricately linked to mobile apps and APIs,” said Michael Sampson, a senior researcher at Osterman Research. “But three out of five organizations do not allocate sufficient resources for developing secure mobile apps and APIs.”

Shawn Surber, vice president of solutions architecture at Tanium, said mobile apps represent a significant risk to the theft of data and this research highlights the continued need to build-in security from the foundation for all technology solutions. Surber said to effectively protect both internal and customer data, organizations need to continue to stay thoughtful about the implementation of new technologies, especially those developed by outside developers to ensure that they are built with proper security per OWASP and other standards.

“In these difficult economic times there can be an impetus to rush new competitive capabilities to market, but the potential for data loss and brand damage far outweighs the short-term benefits of being the first to market,” Surber said. “Because of the proliferation and value of mobile apps, companies need to treat them with the same strict standards they apply to their internal IT resources. Having full visibility and control over those avenues of attack is as important as maintaining that same visibility and control over all managed devices whether on campus or working remotely.”

Hank Schless, senior manager, security solutions at Lookout, said mobile apps are core to customer attraction and retention for most service-based organizations. Schless said whether it’s a bank, a healthcare provider, retail shop, or social media network, these companies need a mobile app to keep customers engaged with the brand and product. 

“Just having an app isn’t always enough,” Schless said. “Customers expect to have an enjoyable experience in the app, which means developers are constantly pushing new updates and features. As those features and updates are developed, security isn’t always updated in tandem. This needs to change.”

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.