Mobile marketing has never been easier: GPS-enabled apps provide essential location data, allowing marketers to target users in certain areas with specific promotions. However, professionals in this area often forget that mobile apps and sites can fall victim to cybercriminals at any time. The smallest vulnerability in an app’s code can enable hackers to transmit location and even personal data from a user’s device to a remote server.
Mobile Malware: A Serious Threat
According to a 2016 report by Nokia, malware attacks are now more common on mobiles than desktops. Using malware detection technology deployed across 100 million devices, Nokia found that smartphones now account for 60% of malware attacks.
Possibly the most (in)famous incident in recent months came with the HummingBad malware. Reportedly originating in China, the malicious code found its way into at least 10 million Android devices. Since the advent of smartphones, the general consensus has been that Android devices are more vulnerable than their iOS counterparts. The HummingBad incident certainly struck a blow to the platform’s security credentials, but it’s not all one-way traffic anymore.
After a wave of increasingly sophisticated attacks, iOS devices have also been under scrutiny in recent times. Indeed, the equally famous XcodeGhost managed to find its way into the App Store through a series of poorly coded apps. Although the offending items were later removed, it went to show that iOS devices can be just as vulnerable as Android.
Understanding Web Application Security
As defined by Incapsula, web application security is the process of protecting online services against threats which exploit “vulnerabilities in an application’s code.” To implement an effective security regime, app developers need to understand the latest web application vulnerabilities. Using OWASP’s list of common threats, Incapsula suggests that SQL injections, remote file inclusion, cross-site scripting and cross-site request forgery are the most serious dangers to web applications.
Using this as a basis, any company with an online and mobile presence should be looking to deploy a range of techniques to block the flow of malicious traffic. Web application firewalls (WAFs) are one of the most effective methods, as they not only work with existing systems but also provide an active barrier that constantly monitors the credentials of inbound traffic to a network.
The features offered by WAFs are perfectly suited to protect apps and their users. Indeed, by harnessing the power of a constantly updated signature pool, WAFs can instantly identify bad actors. In addition, the ability to leverage reputational and behavioral data means that WAFs can gain industry-specific insights into incoming traffic and therefore prevent new threats from penetrating the system.
Maintaining Consumer Confidence
The combination of features offered by WAFs helps to secure mobile web applications and shouldn’t be overlooked if you’re running a business. Don’t forget that building and maintaining consumer trust should always be one of your top priorities.
Although the analysts at the Ponemon Institute have calculated the cost of a security breach to be $158 per lost record on average, the equation doesn’t stop there. When you consider the damage to a company’s reputation after a hack goes public, this cost dramatically increases. Of course, it’s possible to rebuild a brand’s image through clear and open communication about the security breach, but the reality is that it’s tough for companies to fully recover.
In essence, a vulnerable mobile app is a danger not only to a company’s bottom line, but also to its reputation. And without a solid reputation, a company’s days are numbered.