Page 10 - CARAHSOFT, September/October 2021

The Ongoing Quest for Cybersecurity
The dangers that lurk in mobile apps
Most agencies are overlooking a significant source of threats to their employees and data
Brian Reed
Chief Mobility Officer, NowSecure
Government employees are increasingly reliant on mobile applications to do their jobs. But without formal monitoring programs in place, agencies might be unaware of the risks inherent in commercial and government-built apps. As a result, few agencies are investing resources and time to address this serious problem.
The average mobile device has 60 to 80 apps, representing a huge potential for vulnerabilities at agencies whose employees are using those devices for work. Thousands of apps could be tracking employees or intercepting data.
NowSecure founder Andrew Hoog has said “mobile apps are the ultimate surveillance tool, given the mix of personal and mission activities in one space.”
Bringing vulnerabilities to light
NowSecure has analyzed millions of mobile apps on the Apple App Store and Google Play and found that about 85% had security vulnerabilities and about 70% handled private data in a manner that could violate multiple agency and industry data-protection requirements.
NowSecure recently reviewed 1,700 apps on employees’ phones at one federal agency. We found that 98% had at least one vulnerability, and 22% received a failing grade. Many apps were leaking phone numbers and account numbers and transmitting data to adversarial countries such as Russia and China.
At NowSecure, we’re on a mission to help agencies identify and address security vulnerabilities and data leakage issues in their mobile apps.
Protecting app portfolios
First, agencies should commit to securing mobile apps and then define the scale and scope of that commitment. For instance, will personal devices be treated differently from government-furnished equipment (GFE)? And will there be different sets of rules for employee-chosen versus agency-chosen mobile apps?
Next, agencies need to outline mission data protections and access restrictions. Because employees will leverage mobile devices (whether their own or GFE) for a mix of personal and agency requirements, a thorough evaluation of access to mission-oriented mobile apps (both custom and commercial) must be exercised. Agencies should create profile differences based on levels of device control and authority versus mission requirements.
From there, agencies can create a mobile app vetting program. The first step is to create an inventory of all the apps and devices on the network, analyze them for risks and take appropriate action against any apps that pose security risks.
Stage two is to establish a process for evaluating new applications. For example,
Shutterstock/FCW Staff
