TECH TALK: BILL MAGEE says apps are coming thick and fast and it is important to check their security
The surge in online/mobile applications continues unabated. One hundred billion apps were downloaded in a single year for the first time last year. Unfortunately, it was more than matched by a 48% increase in cyberattacks compared with 2021.
Not all businesses realise that an increasing numbers of apps are developed with the main driver being monetisation rather than security. AI chatbots are increasingly integrated into an array of apps, employing machine learning techniques, many far from safe.
Computer program and software apps come flying towards companies from all directions. Initially, most are free-to-download. Once an organisation is hooked it’s all about so-called premium features, carrying with them the inevitable costs.
Which? reports 96% of UK mobile users download apps from Apple App Store or Google Play, and warns: “You’d probably assume these stores are safe places and the apps they stock can be trusted. Unfortunately, that isn’t always the case”, adding that screening doesn’t always stop malicious apps slipping through the net.
One particular case is cited: a “so-called security app”, calling itself 2FA Authenticator, which was installed 10,000 times with users’ banking information stolen before it was finally discovered.
Yet apps are now viewed as integral to the relatively new cloud-centric commercial world. Increasing numbers are being developed to embrace artificial intelligent features, including augmented and virtual realities.
Big Tech is at the forefront of latest developments. AI virtual assistants like Siri, Cortana and Alexa are now commonplace.
Meanwhile, latest security threat data makes for a sobering read and cyber threats are especially prevalent with remote connections led by virtual assistants.
Fraudsters are having a field day, stealing £2,300 from victims last year every minute. At stake is an organisation’s precious data sovereignty, especially now with large amounts of sensitive information hosted in the cloud.
Typically, a malicious app is innocently downloaded but as its code is injected with dodgy software this enables the attacker to exploit weaknesses and vulnerabilities.
The malware route can occur through unauthorised fraud ie without consent, or is authorised when a victim is tricked into sending cash to a criminal’s bank account.
One recommended solution involves implementing a runtime threat detection security check. Organisations should speak to vendors about adequately protecting workload, especially if there aren’t enough personnel with time to deploy, fine tune and monitor a solution.
TechTarget.com defines runtime as the final stage of a computer program lifecycle. Without it a business cannot operate efficiently in a cloud environment.
Having runtime security in place is especially crucial for the chief information officer (CIO) and a usually undermanned and overworked DevOps team working to leverage convergence of IT and operational tech (OT) to improve frontline decision-making while protecting critical infrastructure.
VMWare and IDC got together to examine just how safe sensitive information is in a cloud setting. Their research found that organisations need help to navigate what has become an increasingly complex working environment.
In particular, the survey cites “a massive unmet demand for data sovereignty solutions”, to meet strict and changing regulations and combatting new privacy threats.
Seth Dobrin, president of the not-for-profit Responsible AI Institute, doesn’t share OpenAI CEO Sam Altman’s pessimism that society’s use of AI could cause significant harm to the world.
But he conceded there are challenges and the market must remain “clear eyed” on its ongoing research into AI. Also rigorously-audited shared protocols for advanced AI design are overdue.
MIT Technology Review says calls for AI controls have intensified since OpenAI’s chatbot ChatGPT grabbed everyone’s “wonder and worry”. Microsoft is the latest calling for regulation.
Ultimately, for business and commerce it’s all about ensuring businesses are more resilient when operating on online and mobile channels.
One thing’s for certain in an uncertain cyberworld. There’s bound to be an app, more likely apps aplenty, offering help. Just be wary which one you download.
This column is supported by Exception
