“There’s an app for that.”
It’s an utterance that today is probably met with a resounding “Duh!”
Why? Because there’s an app for everything. Odds are if you can think it up, there is, indeed, an app for it. For many, apps have become a basic human necessity.
Apps are an essential component of our digital lives. They’re powerful business tools. They’re fun personal time-wasters. We can accomplish the most mundane to the most complex tasks with a few taps and swipes.
And while we tend to think of apps in context of smartphones, laptops and other connected devices, the term application can apply to many types of software, services, tools and clients across a wide range of platforms, such as Internet of Things (IoT) devices, vehicles, appliances, electronics and more.
The App-Blended Life
It’s hard to imagine going a day without work or personal apps. They drive our routines. When was the last time you left the house without your smartphone? If it was recently, you likely panicked slightly without it.
We call this the app-blended life, where personal and work lives are no longer compartmentalised. We use personal apps at work and business apps at home. We use some apps for both. The lines have blurred.
But do we ever stop to think: Is this app secure? And who is responsible for protecting us as users? Is it IT? Is it the developer? Is it the user? Or is it a combination of all three?
And how often do we realize how our use of applications affects business from a security and productivity perspective?
There are many security studies in our industry. They are very uniform in nature. They cover attack trends, impact of attacks and the evolution of threats. They are all important. However, A10 Networks wants to take a unique approach by illuminating the side of risk and security that is not evaluated enough – human behaviour. A10 wants to break away from the school of fish and help better understand how the global workforce’s experiences and behaviours with apps impact personal and corporate security. We want to help IT organizations and security teams understand how people use apps. Why they use them. Their perception of personal and business security when using them. And potential behavioural risks to businesses and IT teams.
So we launched the A10 Application Intelligence Report, or A10 AIR for short. A10 AIR is a global research project that examines how attitude, behaviour and experience involving apps impacts personal and corporate security.
Through our research, we made interesting discoveries – some startling, some not so surprising. For example:
The Importance of Apps
- 42 percent of respondents globally say they can’t live without apps, while another 44 percent say they would struggle to live without them.
- In a test of how literal or passionate respondents are in backing such statements, half of the respondents describe apps as equally as important or almost as important as breathing, eating or drinking.
App Behaviour and Security Due Diligence
- 83 percent of respondents agree or strongly agree that they think about security risks when downloading an app, but note that they think about security less after the initial download.
- Only one in four (24 percent) respondents think of security as the most important attribute when downloading apps – security is tied with ease of use and ranks behind performance as most important.
- Fewer than one in five think about security when using business apps. Why? Because many expect IT and app developers to protect them.
- Not only does security consideration decline after downloading applications, almost half of the respondents (47 percent) think their company’s app developers lack the necessary skills to build safe business apps.
- More than two out of five respondents don’t believe security is a top priority for third-party app developers.
- Laptops and mobile devices are perceived as more vulnerable than IoT devices, such as surveillance cameras, smart TVs and Internet-enabled cars. This misperception leads to problems in the era of theDDoS of Things, the large-scale DDoS attacks that leverage IoT devices that are often found on corporate property, like TVs and surveillance cameras. For example, In October 2016, the Mirai botnet leveraged nearly 500,000 webcams to launch the largest DDoS attack in human history.
- Globally, 13 percent of respondents say they have been a victim of identity theft.
- 39 percent of respondents in China have had their identity stolen.
- One in five (20 percent) global respondents have had their mobile device or computer hacked.
- Almost one in three under 30 (31 percent) has been hacked.
- One in three (34 percent) respondents under 30 has lost their mobile device or computer. One in four (24 percent) of that same age demographic has had their mobile device stolen at one time.
Behaviour Impacts Business
You may ask, what does this have to do with business? Or A10? Or our product portfolio? It’s simple: Employees bring their behaviour to work every business day.
Poor security behaviour, particularly with applications that hold sensitive personal and business information, can introduce threats to individuals and enterprises alike. As a vendor, we care about customers generating ROI from their solutions. Any breach or security compromise, whether caused by negligent or malicious behaviour, undermines ROI on security investments.
How can you cost-justify security investments if your company is breached and news about it breaks publicly? Managing human behavioural implications is part of a diligent approach to corporate security. It boils down to people, process and technology – all three must be addressed.
IT organizations can leverage this data to make better business decisions to protect users by strengthening protection of their IT infrastructure and their applications. Every action taken on a corporate network or device – yes, even within a personal app – can affect the security posture of an organization.
From a cultural perspective, IT can study the app-blended life, consider user behaviour as a factor in security planning, build enterprise-wide security awareness and influence a security-minded culture.
And from a technology perspective, IT pros can use this data to make the case for improved per-app visibility, per-app analytics, performance, removal of security blind spots and implementation of tighter controls across all application environments.