Businesses worried about hacks via mobile and IoT - but aren't doing much to stop them

Businesses are worried about how easily they could be hacked by cyberattacks exploiting the poor security of mobile and Internet of Things (IoT) applications - but many aren't taking any action to combat the threat.

Despite widespread concerns about the security of mobile and IoT applications, a report from the Ponemon Institute, IBM Security and Arxan says that organisations are nonetheless rushing ahead with deployment of these technologies.

It comes shortly after the World Economic Forum listed IoT hacking as one of the key challenges facing the world this year.

According to the 2017 Study on Mobile and Internet of Things Application Security, most companies haven't protected themselves against the threats posed by mobile apps, even though smartphones have been a permanent fixture in many businesses for years.

For example, in the belief that it's something else, a user could inadvertently download a malicious app onto their smartphone, which then infiltrates their organisation's entire corporate network due to the user being connected to company Wi-Fi.

It is threats like this which mean 53 percent of respondents to the poll are worried that their organisation could be hacked via a mobile application - and why 60 percent admit that it's likely their organisation has experienced a data breach or a cyberattack initiated through a mobile app in the last 12 months.

Given how the cybersecurity issues surrounding smartphones, it's perhaps it's no wonder that organisations are worried about the potential threats posed by insecure IoT products.

These connected devices, ranging from personal assistants, to sensors controlling infrastructure ranging from lightbulbs to powerplants have often been rushed out by the developers who've demonstrated little consideration for security in their products: 58 percent of those who responded to the Ponemon survey say they're worried about their organisation getting hacked through the IoT. But 44 percent of those surveyed said their organisation is taking no steps to prevent these types of attack, while an additional 11 percent said they weren't sure if their employer was taking action or not.

Where does this lack of urgency to secure mobile applications come from? Like most things in business, it comes down to money.

"Respondents voiced minimal budget allocation, and those responsible for stopping attacks are not in the security function, but rather other lines of business. Without proper budget or oversight, these threats aren't being taken seriously and it should come as no surprise for mobile and IoT applications to be the culprit of major data breaches to come," said Larry Ponemon, founder of Ponemon Institute.

The study surveyed 593 IT and IT security professionals across the globe, ranging from senior executives to general staff.

READ MORE ON CYBERCRIME

• Smart gadgets need security. Startups, that's your cue [CNET]
• History repeating: How the IoT is failing to learn the security lessons of the past
• Here are the biggest IoT security threats facing the enterprise in 2017 [TechRepublic]
• The first big Internet of Things security breach is just around the corner
• Inconsistent IT policies create BYOD risks, wearable security lags behind smartphones and laptops