Many experts say mobile devices such as smartphones and tablets will replace the PC. Some think this will take a matter of months; others would say a few years. I would argue that both camps are wrong: I believe it has already happened.

“But wait, Eitan! People are still using their laptops — they use them in their office, for doing homework, and you probably used one to write this blog post.” This is true. Like many others, I still use my laptop for work, writing papers or creating blog posts, but I use it much less than I did just a year ago.

The smartphone actually replaced many of my other products, not just the PC. It became my camera, MP3 player, portable video game console, newspaper — and for some, it even replaced the TV. This is why the idea of mobile first was so easily accepted in the industry and why everyone invests in building mobile apps for their business.

It gives you a lot of power when your application is installed on your consumer’s or employee’s phone, regardless of whether your app is focused on social, financial, e-commerce or even health care. Once you push a message, they will check it; most will even do it within minutes. They take your business everywhere.

With Great Power Comes Great Responsibility

If there is something you can be sure of in this industry, it is that the more successful you get and the more people use your application, the more cybercriminals will try to attack it. When your app gets compromised, your business can be catastrophically impacted. According to the “2015 Cost of Data Breach Study” from the Ponemon Institute, the average organizational cost of a data breach in 2015 was $3.8 million.

If a data breach isn’t bad enough, let me share another scary scenario: Vulnerabilities in your application can actually introduce additional risk to your users’ privacy. These vulnerabilities may allow a malicious attacker to take advantage of permissions given to your application to gain access to other areas of the phone. One can only imagine the reputational damage that a business will suffer if users’ private details and pictures are leaked out of their phones via an application flaw.

The Wild West of Mobile Application Security

Once you distribute your application through app stores, you’ve literally placed a part of your business in the hands of your consumers. You have allowed everyone to have access to your business. This is not the same as exposing your business via your company’s website, because the website is stored in a centralized and trusted environment protected from unauthorized entities.

This new era allows cybercriminals to more easily get to your application’s code and analyze it to find vulnerabilities, making their work much simpler and increasing the risk to your organization. In fact, according to the “2016 State of Application Security” report, 90 percent of the 126 apps tested had at least two critical security vulnerabilities. This is a frightening statistic that reveals the urgency of mobile application security.
