Security: a Top Consideration for Apps

July 15, 2021 - 6 minutes read

Today, nearly every organization is looking to extend its offering through mobile applications in one form or another. From near-exponential growth in mobile telehealth applications to innovative medical devices being accessible through mobile applications, we’re finding that organizations are moving outside their typical model for providing value to their clients and supplementing their offering with app-based services.

This explosive growth in mobile applications is undoubtedly improving the lives, enjoyment and productivity of people around the world. Unfortunately, an ominous industry has grown in parallel with this rise in consumer technology: cyber theft. From major metropolitan cities such as San Diego, San Francisco and New York to rural parts of the country, every individual who shares their information in the digital space is at risk.

As technology becomes more integrated into our daily lives, we tend to share more and more personal data with these services. From entering personally identifiable information into apps to entering credit card information for in-app purchases, today’s individual shares their personal information with exponentially more services than at any other time in history.

All of this data circulating within the application ecosphere means big money for cyber criminals. For instance, the sale of stolen personal information on the dark web accounts for an estimated $160 billion per year, and ransomware hackers collectively accumulate somewhere around $1 billion each year. And what does this mean for the data owner? In the case of a data breach, the data owner’s personal information is often sold, allowing the highest bidder to exploit credit card information, social security numbers and other information as a vector for identity theft.

So, is cyber theft going away? Not while the opportunity permits and the financial reward is available.

The Impact of Cyber Attacks on Business

Unfortunately, it’s not only the data owner that suffers during these attacks. Often the business responsible for storing, managing and transmitting the data owner’s personal data also suffers financially in the form of fines, customer retribution and brand degradation. Many individuals don’t realize the astounding facts surrounding market losses due to these exploitative data breaches. In fact, the United States has the highest average cost per data breach, at $8.19 million per breach, and an astounding 60% of small businesses close within six months of an attack. To shed some more light on this topic, let’s look at some common compliance regulations and the associated fines for organizations that fall short of these compliance standards because of how they store, manage and transmit sensitive data.

PCI-DSS: PCI-DSS, or the Payment Card Industry Data Security Standard, is an information security standard enacted by the major credit card brands and administered by the Payment Card Industry Security Standards Council to oversee and manage how merchants use sensitive credit card information.

PCI-DSS Fines: PCI-DSS fines range from $5,000 to $10,000 per month for a term determined by the Payment Card Industry Security Standards Council. Further, the credit card brands will provide excessive oversight following a compliance failure.

HIPAA: HIPAA, or the Health Insurance Portability and Accountability Act of 1996, is a federal law enacted by Congress under President Bill Clinton that serves as a national standard to protect sensitive patient health information and protects that patient’s information from being shared or sold without the consent of the patient.

HIPAA Fines: HIPAA fines range from $100 per record violated to $50,000 per record violated. When considering that often many records are compromised in a data breach, the associated fines can add up very quickly. 

How to Move Forward

With today’s business in the crosshairs of both cyber criminals and regulatory agencies, it’s critically important to approach development practices with appropriate caution. This is where dedicated development teams can help. Often, organizations make a critical error in approaching the development of mobile applications. Organizations either attempt to redirect internal resources to tackle their mobile application development internally, or they scale up quickly on new engineering staff to meet the new resource demand for the given project.

Unfortunately, this practice can allow new mobile applications to be brought from inception to the app store hastily, inadvertently missing or disregarding modern security practices. Our suggestion is to strongly consider outsourcing this responsibility to a dedicated mobile app development team that is laser-focused on developing applications that not only meet the technical requirements of today’s modern mobile application, but also align with today’s security-first development practices. This simple decision can save an organization money, reduce the strain on resources and ensure new mobile applications are resilient to today’s modern threats.
