Mobile Sites and Apps Still Leaking Sensitive Data

Recent research into the security of mobile data reveals that sensitive leaks are on the rise. The number of apps and sites failing in credit card security has increased by 17% for the first three months of 2016, compared to the last quarter of 2015, according to figures in the latest Wandera Mobile Data Report.

The report also found that there was a massive 200% increase in user visits to malicious or compromised domains. This is raising concern that the ad frameworks employed in sites and apps are vulnerable to the insertion of redirects which carry the user to a hazardous domain. Despite the raised awareness of users concerning phishing, for example, users are being caught off-guard by compromises in trusted apps. CIOs (Chief Information Officers) are being urged to bring this threat to the attention of employees, with instruction on how to spot an ad that is possibly compromised. The increasing use of social media platforms by staff to share business files makes either strict enforcement policies or limited file-share vital in light of these figures.

Another aspect of mobile working practice is that out of the top ten apps for data consumption used on enterprise devices, half of these were non-work related such as WhatsApp, Twitter, Instagram and Facebook. Aside from the potential compromise threat, use of these apps is swallowing “huge portions of corporate data allowances, leaving an enterprise at risk of bill shock“, says Aldar Tuvey, CEO of Wandera.

A more positive finding is that encryption use has risen by by 21% in the last year; now 70% of data from apps is encrypted. Browser data encryption has also risen by 13%. This is a result of the increase in the market demand for increased privacy and security. One bright aspect of the report is that it shows that users are starting to become more aware of mobile threats.

PandaLabs technical director Luis Corrons explains that tech companies have been aware of the market for a while, though implementation complexity of harder encryption has delayed a universal roll-out. With the increased demand for tighter security, this implementation is sure to accelerate.

He commented, “If we want to implement good layered security, one of these layers is undoubtedly encryption to all processes that work with critical information such as credentials, confidential documents, communications, etc. It will increase our security and is a must if we are possible targets of a cyber-attack – which is pretty much all companies these days.”

Two aspects of this report should be considered together: in an enterprise capacity, if the volume of non-work-related app use continues to rise – AND is more highly encrypted – this will cause a dramatic increase in cost for corporate data use…

Leave a Comment

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.