Underestimating cybersecurity issues in mobile app development generally leads to severe economic and social damage for businesses, governments and public institutions. Mobile devices store sensitive data such as e-mails, phone numbers and bank details, and a data breach can lead to identity and money theft, service disruptions and even worker safety risks. In short, smartphones perform crucial tasks in society, and the huge amount of data collected makes mobile applications one of the main targets of cyberattacks.
Driven by the needs related to smart working, businesses are among the top players who need cybersecurity.
That the issue is quite urgent is made clear by the approval in June 2021 of a decree-law establishing the National Cybersecurity Authority. We publish this JOurnal article in European Cybersecurity Month, an EU initiative for a series of awareness-raising events organized during October 2021.
Let’s see how cybersecurity affects businesses and people and which best practices are to be implemented in mobile app development.
WHY CYBERSECURITY IS IMPORTANT
The use of mobile apps in companies has increased exponentially, especially thanks to the proliferation of useful business management apps: an example is JOBY by HT Apps, which allows you to clock in and out directly with your smartphone via GPS.
Most companies have embraced digital transformation with enthusiasm, convinced by the possibility to automate processes, reduce costs and expand their range of services and products. But these benefits come with issues that are too often ignored. While this trend has made the need for digitalization even clearer, many attackers have seen in it an opportunity to make illicit gains.
Currently, there are four types of cyberattacks that you need to consider when developing a mobile app:
PANDEMIC INCREASES CYBER THREATS
The pandemic has caused a mass shift to remote working and has made the need for timely information exchange even more urgent. The trend was already underway, but travel restrictions have triggered a race to digitalize companies to keep their businesses running. Hence there has not been enough time to develop the right level of cybersecurity awareness and learn best practices, while many companies ask themselves if cybersecurity can really work from home.
Thus, as the traffic of information and services delivered via the internet and smartphones grew between 2020 and 2021, the likelihood of a company being hit by a cyberattack has also increased exponentially.
Ransomware attacks, in particular, are growing at a rate of 400% each year and cost businesses around the world a total of $20 billion in 2020. According to industry estimates, by 2025 cybercrime will cost the world trillions of dollars annually, while the cybersecurity market will be worth $403 billion in 2027.
Cybercrime, in short, is no longer the work of a few isolated individuals sitting in their bedrooms, but a real industry.
Over the course of the pandemic, cyber-attacks have targeted crucial COVID-19 supply chains. IBM Security explained that “cyber-attacks evolved in 2020, with threat actors seeking to capitalize on the unprecedented socioeconomic, financial and political challenges brought by the COVID-19 pandemic.”
CYBERSECURITY IN EUROPE AND ITALY
Faced with such worrying statistics, for the cybersecurity month 2021 in October the EU has chosen the topics of prevention and first aid in the event of a cyberattack, two topics particularly linked to mobile technologies.
Announcing the start of cybersecurity month, the EU specified that the coronavirus pandemic is testing the resilience of global network security, while at the same time pushing more and more citizens to lead their lives and work online. “Our lives have moved to the digital dimension and educating the user online has become even more important,” the official website reads.
This year’s campaign is titled “Think Before U Click” and the main goal is to ensure that end users and organisations are well informed about potential cybersecurity risks.
The concern increases year by year in proportion to the new threats to computer systems, and attention is (finally) growing in Italy as well.
THE IMPORTANCE OF CYBERSECURITY IN APP DEVELOPMENT IN ITALY
The unprecedented use of government apps by a large part of the population, from accessing public administration with App IO through the SPID system to monitoring contacts with Immuni, has certainly been a key factor in the increased investment in cybersecurity by Italian institutions.
In June 2021, the Draghi government approved a decree-law establishing the National Cyber Security Agency with the mission of strengthening the awareness of entities, citizens and companies on the subject and promoting best practices in the development of software, web apps and mobile apps.
Entitled “Urgent provisions on cybersecurity, definition of the national cybersecurity architecture and establishment of the National Cybersecurity Agency”, the decree completes the national cyber-resilience strategy in line with EU regulations. The DL also established the Inter-Ministerial Committee for Cybersecurity (CIC) with advisory, proposal and supervisory functions on cybersecurity policies. These bodies collaborate with the Agency for Digital Italy (AgID), which ensures the coordination of initiatives in the field of cyber security policy, planning and monitoring.
Among the various objectives is the promotion of a cybersecurity culture, whose dissemination is particularly important for a fragmented sector such as mobile application development.
COMPANIES AND SECTORS MOST AT RISK OF CYBER ATTACK
In 2020 and 2021, the use of mobile apps for a wide range of transactions increased: from buying household essentials, to seeking medical advice, to connecting with friends, family and work colleagues.
The widespread use of mobile technologies in service delivery and the amount of personal, organizational and business data stored on mobile devices make smartphone apps a lucrative target for attacks. The year 2020 broke all records for data lost in security breaches and attacks on businesses, government and individuals.
To get an idea of the proportion of cyberattacks involving smartphones, more than 25,000 malicious mobile apps are already being removed from stores every day.
Robust cybersecurity implementations in app development are therefore particularly important for the healthcare, transportation and agritech industries, where frontline workers are often faced with autonomous tasks and may have to make decisions with the support of headquarters and colleagues.
In addition, according to PurpleSec data, 43% of cyberattacks affect small businesses, where hackers hope to find lower defenses.
The pandemic has made it even more urgent, especially for businesses, to adopt cybersecurity best practices and, in general, a change in attitude towards digital applications and services.
It is important for a company to be cyber-secure not only for the integrity of its internal resources, but also for the protection of its customers.
CYBERSECURITY IN APP DEVELOPMENT: A FEW KEY POINTS
Because smartphone software stores sensitive data, it’s important that well-defined security standards are implemented when you hire an app development company. Let’s take a look at the main cybersecurity issues in app development and how to avoid the most common problems.
CHECK STORE APPS
Using apps from the Android Play Store and the iOS App Store does not guarantee the required level of cybersecurity. Android operating systems are generally the most affected: app monitoring is mainly based on user reviews, while monitoring on the Apple platform is stricter. Even for the latter, however, the number of attacks doubles from year to year. In addition, there is no scoring of app security, which is why many companies turn to software houses to develop their own apps.
WRITE ROBUST CODE
Weak code is the gateway through which hackers infect an app, yet there are several tools available to developers to check the robustness of their code. Among the best practices to implement when it comes to security are analysing the code of every app used by staff and agile development of updates and patching. Static code analysis, dynamic code analysis and software composition analysis are three more of the ways teams can detect, protect and fix program vulnerabilities.
Encryption, which renders data unreadable to anyone without the decryption key, can protect information even if defences are not sufficient and a full-blown security breach occurs.
TEST THE APP
Testing your app is one of the main practices to ensure you have a functional and secure product in your hands. As cybersecurity is constantly evolving to deal with new threats, many businesses turn to software development companies to test their app periodically. Knowing the latest trends in cyber-attacks can help you identify threats early in the process and release patches to keep your security level high.
Cybersecurity protocols play a very important role in mobile app development, so you need to apply best practices to protect the integrity of your software and information. Whether your app is for a large or small business, cybersecurity is vital to keep all users and their personal data safe.