Thursday, 19 January 2017 11:40

Organisations ‘ill-prepared’ to defend against mobile, IoT application security threats


Many organisations are ill-prepared to defend against mobile and IoT application security threats, according to a study from the Ponemon Institute, IBM Security and application protection provider Arxan Technologies, which shows that 60% of organisations have already experienced a data breach caused by an insecure mobile app.

The joint report reveals that, despite widespread concern about the security of mobile and Internet of Things (IoT) applications, organisations are ill-prepared for the risks they pose.

The report also shows that even with the growing occurrence of data breaches in organisations, 44% are taking no steps to protect their apps.

Mandeep Khera, chief marketing officer of Arxan Mobile and IoT, says applications are distributed, out in the wild, and are easy targets for hackers.

According to Khera, while mobile apps have been around for some time, most companies have not protected the binary code on these apps, which allows for an easy entry for hackers.

In contrast, he says, IoT is new and growing at a record pace, and while various components of the IoT infrastructure are vulnerable, apps with embedded software in gateways and the cloud are at a greater risk.

“The numbers don’t add up. While 60% of respondents confirm that their organisation has already experienced a data breach caused by an insecure mobile app, and more than half are very concerned about likelihood of an attack, 44% are taking no steps to protect their apps,” Khera says.

“The laissez-faire attitude toward the security of mobile and IoT applications needs to come to an end and organisations must start emphasising security in the development process in order to prevent a detrimental attack. One breach can set a company back dramatically in brand damage, financial loss and recovery costs. You have to think of the old idiom – penny-wise, pound-foolish.”

Key findings of the study include:

•    Many organisations are worried about an attack against mobile and IoT apps that are used in the workplace.

Organisations are having a more difficult time securing IoT apps. Respondents are slightly more concerned about getting hacked through an IoT app (58%) than a mobile app (53%). However, despite their concern, organisations are not mobilising against this threat. Forty-four percent of respondents say they are taking no steps and 11% are unsure if their organisation is doing anything to prevent such an attack.

•    Material data breach or cyber attacks have occurred and are reasons for concern.

Sixty percent of respondents know with certainty (11%), most likely (15%) or likely (34%) that their organisation had a security incident because of an insecure mobile app. Respondents are less certain whether their organisation has experienced a material data breach or cyber attack due to an insecure IoT app: 46% say this has happened with certainty (4%), most likely (11%) or likely (31%).

•    The risk of unsecured IoT apps is growing.

Respondents report IoT apps are harder to secure (84%) versus mobile apps (69%). Additionally, 55% of respondents say there is a lack of quality assurance and testing procedures for IoT apps.

Only 32% of respondents say their organisation urgently wants to secure mobile apps and 42% of respondents say it is urgent to secure IoT apps.

“Factors revealed in this study may help to explain the lack of urgency,” said Dr. Larry Ponemon, chair and founder of Ponemon Institute.

“Respondents voiced minimal budget allocation, and those responsible for stopping attacks are not in the security function, but rather other lines of business. Without proper budget or oversight, these threats aren’t being taken seriously and it should come as no surprise for mobile and IoT applications to be the culprit of major data breaches to come.”

The study also found that only 30% of respondents say their organisation allocates sufficient budget to protect mobile apps and IoT devices, while 54% of respondents say their organisation would consider increasing the budget if it had a serious hacking incident.

Other reasons given to increase the budget are if new regulations were issued (46% of respondents) or media coverage of a serious hacking incident affecting another company occurred (25% of respondents).

“Mobile and IoT applications continue to be released at a rapid pace to meet user demand. If security isn’t designed into these apps there could be significant negative impacts,” said Diana Kelley, global executive security adviser, IBM Security.

“Organisations are at risk and cyber criminals know where the soft spots are. Raising awareness of application security in the enterprise is a critically important first step toward a more secure future for businesses and consumers.”




Peter Dinham

Peter Dinham is a co-founder of iTWire and a 35-year veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).


