By Kavitha Srinivasulu, Global Head Cyber Risk & Data Privacy – BFSI R&C, TCS
Kavitha Srinivasulu has over 19 years of experience focused on cyber security, data privacy and business resilience across the BFSI, financial services, retail, manufacturing, healthcare, IT services and telecom domains. She has demonstrated her core expertise in risk advisory, business consulting and delivery assurance, with diverse experience across corporate and strategic partners. She is a natural leader with the versatility to negotiate and influence at all levels. The views and opinions expressed by Kavitha in this article are her own and do not represent her company’s viewpoints or those of any of her customers.
The need for and usage of mobile apps have increased significantly in today’s digital age, as they let us do almost everything online with limited dependencies and challenges. We use mobile applications for many purposes, including online banking, shopping and controlling home appliances. As their usage has grown across the globe, predators/hackers have likewise targeted the highly critical and personal data held on mobile devices. While mobile phones have made our lives easier and more convenient, mobile threats have increased rapidly, and this calls for new mobile app security standards and measures to protect the data within mobile devices. Securing applications and data against exploitation is therefore both the key focus and the key responsibility of most companies, as most official applications are now enabled on mobile devices for ease of use. Whether a mobile app is developed in a small company or a big one, cyber security is of utmost importance to keep all users’ data protected and out of reach of predators.
In mobile apps, the data within the app is at risk if an organization fails to consider security measures during the app design itself to ensure data protection for end users. So developers must be more vigilant while developing apps for both the Android and iOS platforms. Securing mobile devices requires a multi-layered approach and investment in enterprise security solutions to safeguard the network. While there are key elements to mobile device security, each organization needs to find what best suits its network and invest in the right security controls to build a robust cyber security posture.
User data is a ransom target for cybercriminals, as they can access anything from personal details to debit/credit card details, including email passwords and user contact lists. Some individuals have also been tricked into downloading malicious adware, and at times they unknowingly subscribe to fake or fraudulent paid services. Therefore, a lapse in any mobile app’s security is a challenging scenario for app owners, developers and end users. According to a recent survey, more than 60% of companies reported that an insecure mobile app caused a data breach, and 33% of those had no security controls in place to secure their app against further potential cyber-attacks or ransomware attacks.
A comprehensive mobile strategy involves not just strategic planning but also identifying and mitigating roadblocks on the path to mobile project development, establishing strategic objectives and KPIs, and choosing the right security tools and technology. Security plays a vital role in the use of mobile apps, so it is crucial to follow best practices in protecting them against the emerging risks and vulnerabilities that grow with the technology.
Some of the best practices are:
Secure by design: One of the best approaches is to integrate security measures by embedding controls into the DNA of a mobile app from the start. Every possible vulnerability or weakness that a predator could exploit to hit the mobile app with a data breach or a ransomware attack needs to be evaluated. Hence, it is better to build the application using a secure-by-design approach.
High-level authentication: Organizations should consider enabling the right level of access for the right set of people from the development stage itself. Moreover, it is worth requiring users to change their passwords from time to time. It is also recommended to use a multi-layered authentication process to log in to sensitive or critical mobile applications, to avoid unauthorized external access. The lack of such authentication results in security breaches or critical security incidents.
Improving OS security: Hardening the OS makes it more difficult to hack and so increases application security. For example, Apple has been a leader in making its OS opaque to hackers/predators.
Data encryption: Data in transit from end to end is highly vulnerable at many points along the way. Here, predators can steal or manipulate vital records where controls on mobile devices are weak. To avoid such situations, encrypt data both in transit and at rest. There are many cryptography techniques available today; they are grouped into shared-key (symmetric) and public-key (asymmetric) cryptography algorithms. Depending on the amount of data transferred, the required security measures are applied to simplify and secure the data.
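To make the two families concrete, here is an added example in Go (not code from the article or from TCS) that uses both for the two cases the paragraph names. Data at rest is protected with a shared-key algorithm, AES-256-GCM, which both encrypts and authenticates each record so tampering is detected. Data in transit uses public-key cryptography: the app and its backend each generate an X25519 key pair, exchange public keys, and derive the same session key, which then feeds the same AES-GCM routine. The label string and the use of plain SHA-256 as the key-derivation step are simplifications chosen for this example; a production design would use a standard KDF such as HKDF and authenticate the public keys (which TLS does for you).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// sealRecord encrypts and authenticates a record with AES-256-GCM under a
// 32-byte key. The key is either a long-lived storage key (data at rest) or a
// per-session key from deriveTransitKey (data in transit).
// Output layout: 12-byte random nonce || ciphertext || 16-byte GCM tag.
func sealRecord(key, plaintext, aad []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// openRecord reverses sealRecord. Any change to the nonce, ciphertext, tag
// or the associated data makes authentication fail and returns an error.
func openRecord(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("sealed record too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// deriveTransitKey is the public-key part: each side combines its own X25519
// private key with the peer's public key and both arrive at the same secret.
// SHA-256 over a label and the shared secret stands in for a full KDF (HKDF);
// the label is an assumption of this example.
func deriveTransitKey(own *ecdh.PrivateKey, peer *ecdh.PublicKey) ([]byte, error) {
	shared, err := own.ECDH(peer)
	if err != nil {
		return nil, err
	}
	sum := sha256.Sum256(append([]byte("mobile-app-transit-v1|"), shared...))
	return sum[:], nil
}

// roundTrip models the app sending one record to its backend: both sides
// generate key pairs, exchange public keys, derive the session key, and the
// backend decrypts what the app sealed.
func roundTrip(record []byte) ([]byte, error) {
	curve := ecdh.X25519()
	appKey, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	backendKey, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	appSession, err := deriveTransitKey(appKey, backendKey.PublicKey())
	if err != nil {
		return nil, err
	}
	backendSession, err := deriveTransitKey(backendKey, appKey.PublicKey())
	if err != nil {
		return nil, err
	}
	aad := []byte("POST /api/v1/transfer") // binds the ciphertext to its context
	wire, err := sealRecord(appSession, record, aad)
	if err != nil {
		return nil, err
	}
	return openRecord(backendSession, wire, aad)
}

func main() {
	out, err := roundTrip([]byte(`{"amount":100,"to":"acct-42"}`)) // constructed sample record
	fmt.Println(string(out), err)
}
```

The associated data (AAD) is the detail practitioners most often miss: it is not encrypted, but it is authenticated, so a sealed record cannot be silently moved from one user, file or API endpoint to another. For data at rest on a phone the 32-byte storage key itself belongs in the platform keystore (Android Keystore or the iOS Keychain), never in application preferences or source code.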
API security: APIs are among the most useful tools for mobile application developers. Data from the app can be secured through APIs, and even data transfer can be made safer by using SSL/TLS with 256-bit encryption.
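What "secure the API call with SSL" looks like in a client is worth showing, because the default on most platforms is merely "the certificate chains to some trusted root". As an added example (not code from the article or from TCS), the Go program below builds an HTTP client that refuses plain `http://` URLs, requires TLS 1.2 or newer, and pins the backend's public key on top of normal chain validation, so a certificate issued by a compromised or mis-issuing CA is still rejected. The `demo` function stands up a local TLS test server as a constructed stand-in for the backend API; the `/api/v1/account` path and the JSON body are assumptions of this example, not any real endpoint.

```go
package main

import (
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// spkiPin is the SHA-256 of the certificate's SubjectPublicKeyInfo, the value
// an app ships as the expected pin for its API host.
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// pinnedClient builds an HTTP client that requires TLS 1.2 or newer and, on
// top of ordinary chain validation against roots, accepts the server's leaf
// certificate only if its public-key pin is in the allow-list.
func pinnedClient(roots *x509.CertPool, pins map[string]bool) *http.Client {
	cfg := &tls.Config{
		MinVersion: tls.VersionTLS12,
		RootCAs:    roots,
		// Runs after standard verification succeeded; rawCerts[0] is the leaf.
		VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			if len(rawCerts) == 0 {
				return errors.New("server presented no certificate")
			}
			leaf, err := x509.ParseCertificate(rawCerts[0])
			if err != nil {
				return err
			}
			if !pins[spkiPin(leaf)] {
				return errors.New("certificate public-key pin mismatch")
			}
			return nil
		},
	}
	return &http.Client{
		Timeout:   5 * time.Second,
		Transport: &http.Transport{TLSClientConfig: cfg},
	}
}

// callAPI performs a GET and returns the body. Plain http:// URLs are refused
// before any request leaves the device.
func callAPI(client *http.Client, url string) (string, error) {
	if !strings.HasPrefix(url, "https://") {
		return "", errors.New("refusing non-TLS API URL")
	}
	resp, err := client.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		return "", err
	}
	return string(body), nil
}

// demo starts a local TLS test server (a constructed stand-in for the backend
// API) and calls it twice: once with the correct pin, once with a wrong pin.
func demo() (body string, wrongPinRejected bool, err error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		fmt.Fprint(w, `{"balance":100}`) // constructed sample response
	}))
	defer srv.Close()

	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate())
	goodPins := map[string]bool{spkiPin(srv.Certificate()): true}
	badPins := map[string]bool{"0000000000000000000000000000000000000000000000000000000000000000": true}

	body, err = callAPI(pinnedClient(roots, goodPins), srv.URL+"/api/v1/account")
	if err != nil {
		return "", false, err
	}
	_, pinErr := callAPI(pinnedClient(roots, badPins), srv.URL+"/api/v1/account")
	return body, pinErr != nil, nil
}

func main() {
	body, rejected, err := demo()
	fmt.Println(body, "wrong pin rejected:", rejected, "error:", err)
}
```

Pin the public key rather than the whole certificate so routine certificate renewal with the same key does not break the app, and ship a backup pin for the next key so a planned rotation does not lock every installed app out of the API.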