Application initiatives and programs are getting good at reaching down to where an organization’s data lives and protecting it against threats, but that is only one piece of the security puzzle. With , resources, and people available to tackle security, organizations prioritize what gets protected.
“For instance, an organization may develop 100 different . Since it is not always cost-effective or time-efficient to come up with a customized security plan for each application, only the applications considered critical receive top priority, maybe five or six of them, and the remaining 95 or so are deprioritized in terms of security,” according to Chad McDonald, chief information officer and chief information security officer at, a software solutions provider. “That doesn’t mean those 95 applications don’t require protection; it just means that the risk is somewhat lower,” he noted.
McDonald explained that this lack of resources and forced prioritization endpoint security. Endpoint devices. These devices are often connected to highly vulnerable data, including banking information, , and medical records and equipment. According to a recent report, a majority of all financial applications are vulnerable to basic reverse engineering that validate whether or not an application is running in a safe environment.
“There is a whole on your mobile device or is accessed via your mobile device via an application,” said McDonald. “We haven’t yet seen security controls get pushed down broadly to that point.”
It’s difficult to tackle mobile endpoint security when several different are used to make up an application. are constantly evolving and being refactored, making things more complicated and taking a toll on application security. But mobile endpoint security cannot be ignored or only applied to the more business-critical applications. McDonald explained that even those “lesser important applications” can still touch other parts of the .
“The bad guys only have to be right once. They only have to get into one app,” he said. “You very rarely see an attacker come indirectly through the system they’re trying to attack. More often, they attack a vulnerable system, gain some level of control inside the perimeter, and then pivot to something more critical.” In a mobile app, that would translate to a hacker applications, looking for ways to jump into a more relevant system or elevating privileges from a user to an administrator, and interrupting operations or shutting down the server.