Keeping Secrets: The Evolving Expectation of App Defense

July 10, 2017 | Gabriel Torok

Applications drive corporate success. As noted by Business 2 Community, the average American smartphone owner uses more than 10 apps per day and spends over three hours per day connected to the Internet via their mobile device. The problem? Rapidly expanding app markets combined with easy-to-find hacker kits make the current environment a cybercriminal’s paradise — according to recent Ponemon data, the average cost of a data breach is around $3.62 million and the size of breaches is trending up. It gets worse: According to Gartner, 99 percent of app vulnerabilities exploited won’t rely on new, sophisticated attack vectors, but on existing vulnerabilities that infosec pros have seen in the wild for at least a year.

And according to Alex Urbelis, a partner at the Blackstone Law Group who has also been part of the information security community for more than 20 years, it’s not just technology shortcomings that should worry enterprise decision-makers. New laws such as the Defend Trade Secrets Act create legal challenges — while companies now have a private right of action to claim damages in federal court if trade secrets are misappropriated, insufficient (or absent) app protection could render this claim null and void.

Here’s a look at the top enterprise app threats and how companies can get better at keeping secrets and protecting their intellectual property.

Statistically Speaking

Data and application breaches have become so common that data about their impact is readily available. While this offers a great jumping-off point, it’s also a sobering reminder that breaches are now the rule rather than the exception and that no company can afford to ignore the risks associated with their apps (whether mobile, desktop, cloud, web or IoT).

We conducted an Application Risk Management survey in June of 2017; look for details soon in an upcoming blog post. The survey gathered information about respondents’ development organizations’ risk management priorities and mitigation strategies.

The survey results indicated that the top 6 application development vulnerabilities were:

  • Data loss or corruption
  • Intellectual Property theft
  • Liability or reputational damage
  • Operational disruption
  • Regulatory or compliance violations
  • Software piracy

Financial factors in addressing these risks are identified in the Cisco 2017 Annual Cybersecurity Report, which shows that 35 percent of security professionals believe budget is the biggest obstacle to adopting advanced security processes and technology. Meanwhile, 20 percent of organizations say they lose customers after a breach and 30 percent lose revenue, even as 27 percent of all new, third-party cloud applications introduced into corporate ecosystems pose a “high security risk”. Given these pressures, it’s no surprise that cyber-insurance is now a must-have for enterprises, with premiums set to triple over the next three years.

Simply put? The statistics paint a clear (if bleak) picture: Enterprises want better application security. It’s not always an easy transition, but the longer companies procrastinate the greater the risk.

Pokemon No

While it’s tempting to imagine that all application threats come from highly focused groups looking to breach valuable targets, according to hacker Robert Barat of infosec radio show Off The Hook, many basic hacking tools “are open source and hosted on GitHub”. This allows users with minimal skill and moderate interest to compromise applications for their own purposes.

Consider last summer’s wildly popular mobile game Pokemon Go. As noted by Barat, developer Niantic was in a rush to get the game out the door, “didn’t implement basic debugger detection software and sent a lot of data unencrypted.” Leveraging simple and freely available tools, users reverse-engineered the product and accessed for-pay in-game services for free. But that’s just the start — lost revenue meant potential job loss, and unencrypted data transmission put personally identifiable information (PII) at risk, opening the door for a lawsuit.

Unhealthy Obsession?

And beyond PII data loss there’s also the risk of serious financial harm. As noted by Urbelis, that’s what happened to medical device manufacturer St. Jude Medical, which created an in-home device to connect with patient pacemakers. A company called MedSec reverse-engineered the product and discovered how to remotely drain the battery, in turn putting users in potentially life-threatening danger. Then, MedSec sold this information to a stock-shorting firm and released the data publicly, earning a huge windfall and causing a freefall for St. Jude stock.

Even more worrisome? The SEC isn’t coming down on companies for this kind of market manipulation, meaning that vulnerable apps and devices could lead to massive financial frustration.

Keeping Secrets

Recent survey data shows that companies recognize a common list of application development vulnerabilities including data loss and corruption, intellectual property theft, operational disruption and liability damage. And yet just 16 percent of enterprises have app controls established in a formal organizational framework — more than 40 percent opt for ad-hoc and reactive defenses.

So how do organizations effectively keep secrets and reduce the risk of application breaches? From a technology standpoint, companies need smart app protection that hardens applications, obfuscates data and offers “nuclear” options against particularly virulent attacks. This type of defense also provides the “reasonable means” necessary to secure trade secrets under the Defend Trade Secrets Act, allowing companies to both satisfy the demands of an increasingly tech-savvy public willing to share PII via mobile devices and pursue malicious actors if they attempt to misuse or misappropriate critical source code, application data or intellectual property.

Bottom line? Applications are critical to compete on a global scale; fiscal and legal security depend on effective and adaptable app protection and defense.
