Skip to main content

App security: The most overlooked cybersecurity measure

It’s hard to imagine how we’ve ever lived without apps. Whether it’s for work or for play, apps are becoming invaluable in the information they can supply us and the entertainment they can grant us. But app security is something not a lot of people consider when they install a new program or download a game.

And this is exactly what hackers are hoping for – that you’ll overlook the fact that you’re potentially opening a back door to all of your personal and sensitive information. That app may have given you a few minutes of fun, but the breach of your data could have long-lasting consequences.

As a business owner, your company’s cybersecurity should be of the utmost importance. So how do you prevent hackers from gaining access through application security breaches? The answer is education – both for yourself and your staff. Cybercriminals are always looking for ways to take advantage of the system, so be sure you know where and how to stop them before they can get in.

Why app security is crucial

Businesses both large and small know that any sort of digital presence needs the proper cybersecurity. A leak of sensitive information or financial data is any company’s worst nightmare, and it feels like more and more stories about credit card hacks are popping up in the media every year. You can guarantee that the affected businesses put at least some effort into protecting their online assets – but one area they might have missed was the security of the applications they use.

'Organizations spend somewhere between 45 and 50 billion dollars on security but [a] very small percentage is focused on applications,' says an article at Forbes. The article also notes that eighty four per cent of cyberattacks happen on the application layer – a number that’s uncomfortably high, especially if you’re suddenly wondering just how good your application security is right now. The article goes to on quote Rik Turner, senior analyst on Ovum’s Infrastructure Solutions Team, as saying, 'You can go online, find a little piece of software that’s been used many times before, make a couple of little tweaks in it so that it performs differently making it very difficult to detect when it’s doing its mischief, and away you go.'

Are you creating your apps in-house?

It could even be something as seemingly innocuous as a flawed app design. If your company chooses to create an app in-house, there’s a greater chance that you’ll be able to be hands on in the design and maintain quality control over the source code. However, if you leave app programming to an outside vendor, you might be opening a window to hackers – sometimes intentionally, sometimes not.

'With time-sensitive schedules, developers are also likely to assemble applications from hybrid code -- obtained from a mix of in-house development, outsourced code, and third-party or open-source libraries,' explains an article at MIT, 'During this mash-up process, critical vulnerabilities can be copied, overlooked, and implemented into production code.' So even if the app designers didn’t mean to create vulnerabilities in the code, it’s all too easy to miss a step, especially when under pressure to deliver – and that’s exactly what hackers are counting on.

How to prevent app hacking

As mentioned above, when you’re the business owner, ensuring that application design is thorough and complete is an absolute must. The moment that you push out an app with vulnerabilities is a moment that can wreck your company’s reputation, and potentially lose consumers’ trust in your brand. If you’re looking to hire outside vendors to design an app for your business, be sure to thoroughly research past work, ask to see portfolios, and gather recommendations from colleagues. It’s best to choose app designers you trust – and ones that will take the time to do a meticulous job rather than a piecemeal one – in order to get a quality product.

Consistent application evaluation is also key to ensuring that all potential holes are patched up. A piece on web application security at eSecurity Planet points out that performing tests on applications to find security flaws was highly successful: 'Feeding vulnerability results back to development teams through established bug tracking or mitigation channels was the activity that yielded the best result across the three key metrics… Organizations that did this reported 40 percent fewer vulnerabilities than the average, fixed them nearly a month faster and increased remediation rates by 15 percent.'

The article continues to say that communication between teams is vital to preventing cybersecurity problems, particularly when it comes to development and security teams.

As for those two teams, when you’re the business owner, it’s valuable to keep both your developers and security aware of the most up-to-date risks and flaws in applications. The eSecurity Planet piece uses the examples of content spoofing, fingerprinting, and cross-site scripting, noting that although instances of those risks were high ten years ago, now that teams are aware of the problems, they’re showing up less and less.

More awareness means less vulnerability, so make sure your team has access to the most current risks – and fixes – associated with application security. It’s worth passing along OWASP’s Top 10 list of coding vulnerabilities that should be tended to, including security configuration, cross-site request forgery, and unvalidated redirects and forwards, among others.

With so many areas of business at risk of cybercrime, it can be easy to overlook even the smallest of vulnerabilities. But all it takes is one faulty application to create the perfect back door entrance for hackers, and before you know it, your company and brand are tarnished by a security breach. Whether you’re pushing out an application that was created in-house or via outside vendors, make sure you’ve got all your bases covered with a strong, secure build and a reliable team behind it. It could spare you a potential disaster down the line.

Eric Basu, President & CEO of Sentek Global