Southeast Asia the next boom for mobile app security – SecIron COO Nicole Ban shares her opinion


Southeast Asian (ASEAN) countries such as Malaysia, Singapore, Indonesia and Thailand are currently seeing rapid growth in mobile applications in terms of onboarding, digital transactions and service delivery. Recently, Southeast Asia has seen a surge in cybersecurity attacks targeting mobile applications in industries such as finance, government, and e-commerce. It has become important to enforce authentication, encrypt mobile communications, scan mobile apps for malware, prevent data leaks, and protect application data on devices.

To better understand the importance of mobile security across Asia, we had a short chat with the COO of SecIron. Mrs. Nicole Ban. She is Chief Operating Officer at SecIron – one of the leading providers of mobile application security solutions in Asia. SecIron focuses on securing mobile experiences by innovating and developing mobile application security technologies to protect businesses and communities from cyber criminals and mobile threats. Through their website, she and her team aim to provide comprehensive end-to-end security solutions for mobile applications and to protect customers from potential future threats.

Nicole shares her point of view on the latest mobile app security, which is currently experiencing incredible growth in Southeast Asia.

How important is security for mobile apps?

Ms. Nicole Ban: I have been involved in mobile application security across Asia for over 10 years including countries like Japan, Taiwan, Hong Kong, India and China. Recent developments since the beginning of the COVID pandemic have led to incredible changes in the way companies, users and governments interact and act more digitally.

With the rapid development of the mobile Internet, security problems with mobile apps have become more and more important. It is reported that over 97% of mobile apps have experienced security attacks such as network penetration, malicious hijacking, privacy theft, reverse engineering and decompilation, code injection, browser hijacking, SMS hijacking and the like. The security issue of mobile APPs has become an urgent problem that needs to be addressed. It is also a concern of the state, society, companies, institutions and individuals.

At this point I would like to mention that insecure data storage also affects more than 76% of applications and it has become quite difficult to protect data from unauthorized access. Basically, the greater likelihood of a data breach in mobile applications is that hackers rarely need to physically access anything to steal the personal or sensitive information of the users and the company.

Why do mobile apps have more security gaps than web platforms?

Currently, the supervision of mobile apps is still in the short-term mobilized phase and the available supervisory methods are sparse. As a result, the issues like content breach, unauthorized data collection, security breaches, and malicious behavior become more serious. As far as the PC Internet is concerned, the monitoring mechanism is mature. For example, if you want to launch a website, you need to file with the regulator and apply for an ISP certificate or ICP certificate. For mobile apps as the mainstream mobile portal, however, there is still no uniform management mechanism for filing.

According to statistics from PwC, the mobile Internet in Asia had already grown explosively in 2014, the annual transaction volume exceeded 7 trillion US dollars.

What the enormous opportunities and advantages of the mobile internet bring with it, however, are enormous risks.

When everyone’s eyes are on the high returns, they tend to ignore one big issue, which is mobile app security. Mobile apps have more security gaps than web platforms. This can be due to the following reasons.

1. Insufficient experience in security development.

2. Low investment in terms of time and economy in application security.

3. Lack of application security developers.

4. Low application security awareness among developers and businesses.

Would you please share some mobile application security tips so that ordinary users can keep the mobile app safe from viruses and malware?

Yes, I definitely want to share some mobile security tips so that users can implement them to keep all of their data safe.

Tip number 1:

This is for mobile app developers. When building a mobile application, it is very important to go through all of the components one by one and check the security for each one. In addition, you should also consider using network access control so that unknown users cannot send bulk traffic to the application and do not compromise the security of the app.

Tip number 2:

Automation is the way forward to mitigate potential threats to mobile applications. By reducing manual vulnerability management processes and eliminating the human factor, organizations can focus on security research. Automation is not a new concept in the cybersecurity industry. Automated vulnerability scans have been available for over two decades. However, it was limited to static scanning. More recently, dynamic techniques have been used to improve the level of automation in assessing application vulnerabilities. This enables faster results, fewer false positives, and better identification of actual problems versus potential problems.

Tip number 3:

Mobile applications must be built using the complex coding options that are difficult for hackers to break into. In addition, the applications should be designed to store minimal information and use only the data required, rather than gathering bulk information. By following these measures, companies can protect their company from cyber attacks and build a strong security system in the long term. Software updates must be carried out with caution. A number of companies were recently attacked for ignoring critical software updates, making them vulnerable to malware attacks. To prevent such incidents, mobile applications should only be updated when necessary.

What type of encryption do you think should be used in mobile apps?

It’s no secret that mobile applications need to be fully encrypted, but I would recommend the Advanced Encryption Standard (AES) which is the widely accepted encryption for mobile apps. Most of the people are using Android phones, downloading applications on them, and recent studies have clearly shown that Android is the most attacked platform. So when someone downloads the applications in Android, he or she has to consider full encryption and also apply some level of data encryption.

There is no single way to encrypt data, but hundreds of different ways to use the encryption function and combine it with different algorithms. If you don’t have an in-depth knowledge of how to check the level of encryption and what type of encryption is being used for your mobile application, you should turn to companies like ours, where our team of experts will guide you in detail and all solve the security-related issues.

The root of the problem is that most people don’t even know what potential problems they face when the information is leaked through mobile applications such as banking applications. It’s something that all businesses as well as customers should consider. The good news is that there are various free tools or app security tests available these days that can show you the security level of the particular mobile application.

Why does mobile application security need to be improved?

Application security needs to be improved compared to web platforms. Web security research has gone on for a dozen years, but little attention has been paid to application security until recent years. Accordingly, experience in application security development is insufficient. Also, many companies only care about the functionality of applications and ignore their security. As a result, they are unwilling to invest their human and financial resources in application security, which leads to many security gaps.

The mobile Internet has the characteristics of border ambiguity, the openness of the operating system and the untrustworthiness of mobile devices. These features pose many security challenges and threats to mobile applications when they are released for operation on the Internet, such as:

Therefore, application security should be given sufficient attention. Layered security solutions are required to ensure the security of apps. Depending on the type of apps and the system platforms, several encryption methods can be used at the same time.

How does your SecIron platform offer security for the apps?

At SecIron we solve the most important security problems in mobile apps such as insecure communication, missing input validation, insecure data storage, poor encryption, content violations, application reverse engineering, unauthorized debugging, detection of root devices, hacking tools and detection of malicious behavior and soon.

We know in-app protection is critical to maintaining and improving a company’s reputation. When mobile applications are attacked, companies see irreversible consequences. This is because if user data is stolen, customers become aware of their security and privacy and leave the store. As a result, companies are at serious risk of regulatory violations and bad publicity. If the company fails to overcome the weaknesses in the mobile applications and the attack continues for a long time, it can cause irreparable damage to the company.

Our vision is to become Asia’s number one mobile app security provider and ensure business success.

We currently offer the services from two locations:

  • Our headquarters in Tokyo, Japan
  • Our regional office in Southeast Asia in Kuala Lumpur, Malaysia

With the latest security solutions, we ensure that mobile applications are protected against hacker attacks and we do our part to make the online world safer and more secure.

We mainly cover corporate mobile applications such as:

  • IoT industry.
  • Public service.
  • SaaS industry.
  • Mobile gaming.
  • Retail and e-commerce.
  • Finance industry.
  • Health industry.
  • Utility industry.

According to a survey, more than 75% of mobile applications pass basic security tests. Hence, we focus on the need to track mobile application security and encryption technology usage. This enables employees and customers to stay safe while downloading and using the mobile applications by following a complete mobile application security checklist.

Source link


About Author

Leave A Reply