Each October, both the U.S. and Europe dedicate the month to cybersecurity awareness. National Cybersecurity Awareness Month in the U.S. (abbreviated as NCSAM) and Cybersecurity Month in the EU are designed to increase business and consumer knowledge around how to stay secure online.
The U.S. event is organized by a combination of government and industry players, with the goal of increasing awareness about the value of cybersecurity and ensuring that businesses and consumers have the information and resources they need to stay safe online. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) co-lead NCSAM each year.
In their words, “NCSAM 2019 emphasizes personal accountability and stresses the importance of taking proactive steps to enhance cybersecurity at home and in the workplace. This year’s overarching message – Own IT. Secure IT. Protect IT. – will focus on key areas including citizen privacy, consumer devices, and e-commerce security.”
At Guardsquare, we are all-in on the importance of protecting intellectual property and other valuable assets from hacks and leaks, particularly when it comes to mobile applications. Regardless of where your business is situated, October is a good opportunity to evaluate where you stand when it comes to mobile app security and to identify areas for improvement.
NCSAM offers a Toolkit that organizations can use to promote cybersecurity initiatives and drive their focus. Our team homed in on one particular aspect of this year’s theme: Own It. Here is how the NCSAM explains this aspect:
“Understand your digital profile. Internet-based devices are present in every aspect of our lives: at home, school, work, and on the go. Constant connection provides opportunities for innovation and modernization, but also presents opportunities for potential cybersecurity threats that can compromise your most important personal information. Understand the devices and applications you use every day to help keep you and your information safe and secure.”
While this language is geared primarily toward end-users, it should serve as a conversation starter internally at businesses, especially those that develop mobile apps.
The reality is that most businesses today do not provide sufficient protection for mobile applications. This puts consumers and end-users at risk, of course, but it’s also a significant liability for the business itself. Whether you are a financial services organization with access to sensitive PII and financial details, or a media organization that must protect copyrighted materials, mobile app security should be a big part of your overall security and privacy plan.
It can be overwhelming to know where to start when it comes to mobile app security, so here are three areas where most businesses could stand to make improvements. This can serve as a useful jumping-off point to focus on mobile app security improvements.
There are a lot of misconceptions swirling around out there about the nature of security on Apple’s mobile app platform, iOS. In fact, many developers believe that Apple apps are essentially immune to hacks, and thus don’t require any protection beyond Apple’s code signing mechanism. Unfortunately, as recent iOS hacking incidents indicate, more security is needed.
Consider evaluating your iOS app security strategy this fall to determine whether your organization is adequately protected. To get started, here are the three most common misconceptions about iOS security:
App Store code encryption alone is enough
iOS apps are very hard to reverse engineer
Apple’s code signing mechanism prevents code tampering and re-distribution
It is crucial to take a multi-layered approach to mobile app security, because hackers do the same on their end. Security techniques should include various types of code hardening, including obfuscation and encryption, as well as runtime protection mechanisms (RASP) such as root/jailbreak detection and tamper detection. These layers of security reduce the odds that a hacker will succeed with a mobile app attack.
Most businesses today struggle to maintain control over their intellectual property and other forms of sensitive, business-critical data, especially in today’s post-perimeter world. In particular, many businesses do not have a robust strategy to protect mobile apps against IP theft. Valuable source code can be stolen, as well as copyrighted materials, sensitive customer data, and more. As dire headlines demonstrate, this data loss can cost businesses millions or even billions of dollars in lost revenues, fines, and reputational damage. This is why it’s key to build a strong mobile app security strategy to prevent IP theft.
National Cybersecurity Awareness Month is a perfect reminder that businesses must continually assess their risk profiles and strive to improve their security postures. In a world increasingly driven by mobile, having a strong plan in place to prevent IP theft, data loss, and other business-crippling outcomes is not a nice-to-have, but a must-have.