Mobile Application Protection Increases Profits
Published on July 9, 2020 by Alexander Goodwin
Application security can often be viewed by development teams as a time-consuming barrier to finishing a project. In a world where “time equals money”, the rush to ship functional applications can overshadow the need to ensure those applications are secure. It is true — features are what sell software and fixing bugs retains customers and loyalty. Both actions can be directly linked to revenue and profitability. So, what effect does an investment in application security have on a company’s bottom line?
Upfront Investment = Long-term Benefit.
“Secure by Design” is the idea of developing an application that is self-protecting and resistant to outside attacks. In this approach, security is built into the system from the ground up and starts with the architectural design. Security tactics provide the necessary authentication, authorization, confidentiality, data integrity, privacy, and accountability even when an application is compromised.
Let’s compare creating an application to constructing a house. The foundation a house is built on will fundamentally affect the “life” of the house for as long as it stands. Cutting corners or creating unstable frameworks will certainly cause damage and more work down the line.
In application development, the same concept applies. By adding in protection features during the development phase – obfuscation transforms, runtime self-protection – an organization is protecting itself from vulnerabilities in the future. By weaving security into the architecture of a project, an application, much like a house, will reap the benefits of “doing it right” from the very beginning.
In an article published by Larry Smith in 2001, the concept of “Shifting Left” was explored. Shifting Left is a way to test the quality and security components of applications earlier in the development process. When defects are uncovered sooner, fixing them is both easier and less expensive. The Ponemon Institute concluded in a study that if vulnerabilities were detected early in the development process, the cost to fix would average around $80. However, the same vulnerabilities would cost about $7600 to fix if detected during the production stage. The ultimate cost occurs once an app is released into the world. IBM concluded in its published “Cost of Data Breach Report” that the average cost of a data breach in the US is over 8 million dollars.
You Only Need to be Hacked Once
We insure our homes not because we expect break-ins or house fires, but because if one did happen, the effect would be catastrophic. The same logic applies to application protection. Perhaps an organization’s app will never draw the attention of a bad actor, and exposing an organization’s source code will never cause a data breach. But what if it does? Organizations have a responsibility to protect user data.
Using developer time and resources to add “optional” layers of safety may seem like a luxury, but in the event of a breach, skipping them would look like an obvious mistake. If an unprotected application is reverse engineered or sensitive data is compromised, the integrity and brand of the organization will be marred. The company will also lose money.
- MyFitnessPal, an app created by Under Armour, disclosed a data breach affecting 1.3 million account users. As a result, Under Armour’s stock promptly dropped 3.8%.
- British Airways was fined $230 million after approximately 380,000 card payments were compromised. The security breach occurred on the company’s website and mobile app in 2018.
- 7-Eleven’s app “7-pay” was hacked within days after its launch in Japan. 900 users had their financial data compromised, and $510,000 had been stolen in July of 2019.
It Pays to be On Top of Your Application Security
Staying ahead of potential issues before they occur is the first ingredient in the recipe for success. An investment in preventative measures early on can have quantifiably large returns in the end. At PreEmptive, our customers are all companies that feel the responsibility to provide security to the end-users of their products. Whether they are protecting personal data stored in medical device applications or financial information on banking apps, we are proud of the role our products play in their security strategies.
A company’s success is determined not just by how aggressive its go-to-market strategy is, but by how viable its product is once it hits the market. It is in the interest of every organization to arm its applications with as many defenses and safeguards as it can. Profits are determined not only by how much or how quickly something is sold, but also by the expense and loss if something happens to it.
Read a case study on how a customer found success with PreEmptive Protection after a failed penetration test.