The media landscape today continues to share stories of the increased cyber vulnerabilities in mobile applications. While banks have had many years to develop and tailor their apps to respond to various security issues, with increased security around detecting fraudulent use, trading apps from smaller businesses have flown under the radar and missed out on improved security.
Although cyber criminals do continue to invest their time and effort into targeting mainstream banking apps, the less frequently deployed trading apps are providing an easier opportunity for criminals looking for a bigger prize. In the past, it made sense for the cyber-criminal to target the mainstream app - more targets, more opportunity; it was a scattergun approach. However, as app security has improved and as methods of targeting have become more sophisticated, the cyber-criminal is now able to aim for the high value trading app. This is compounded by the fact that there is no official best practice for general app security, and the technology for such platforms is constantly changing.
With this in mind, we’ve outlined a few simple tips that app vendors, including trading app vendors, can take to safeguard themselves:
1. Think like a cyber-criminal. What would a criminal do first to determine vulnerabilities? Ask yourself questions like: “If the phone is unlocked, can I get to the app and make a trade? – or is there another level of security?” “What Platform is the app built on – are there vulnerabilities that a cyber-criminal could take advantage of?”
List out your concerns and address them one at a time.
2. Challenge your colleagues to find issues. Discovering and resolving vulnerabilities in your app today could be the difference between experiencing an issue or breach tomorrow. Trust and reliability will the key to ensuring the success of your app.
Offer an incentive to a group of colleagues inside and outside of the office and challenge them to find weaknesses.
3. Stay abreast of evolving cyber threats. As cyber-attacks are ever increasing in sophistication, it is important to be aware of new attack methods as well as new technology and working practices that can be used to mitigate the impact.
Subscribe to industry newsletters, join LinkedIn groups and follow security bloggers to gain knowledge and insight into the latest cyber threats and how to combat them.
4. Protect the back-end systems. While time and effort are put into protecting the app, the systems at the back end are also critical to protect, especially if there is a web interface where users can log on. If a cyber-criminal could access the back end system and change the passwords of the users, they may be able to make a trade without even seeing the app.
Review the security of your back-end systems – make sure they’re up to date and the latest threat protection and data loss prevention technology is deployed.
5. Become a member of CiSP (Cyber Security Information Sharing Partnership). CiSP is a UK government initiative to share cyber threat information, particularly for small to mid-size businesses. Other countries have similar schemes. Peer sharing of information ensures new attack vectors are rapidly disseminated, enabling companies to take immediate action to mitigate the risk.
Grow your network with security experts, tech partners and other businesses – share knowledge, discover new defences, keep evolving and improving your business.
Vendors need to try and find the balance between giving easy access to the right person to use the app, while making it impossible for an unauthorised user, and securing the platform the app is built on at the same time. Protecting against data loss and the integrity of back-end systems needs to be a top priority for all vendors, especially with the new EU GDPR legislation just around the corner where a breach could result in a fine so hefty, it could put a business out of business.
Consumers or prosumers in the case of many trading apps, are only one click away from the competition. Effective security is a differentiator and a necessity to maintain customer trust and grow the business.
By Dr. Guy Bunker, SVP Products & Marketing at Clearswift
- Solutions for GDPR Compliance
- Watch our Securing Social Media video
- Prevent advanced Malware and Ransomware attacks from striking