Sponsored by IBM and Arxan Technologies
Dr. Larry Ponemon, Ponemon Institute
Neil K. Jones, IBM Security
Mandeep Khera, Arxan Technologies
2017 Study on Mobile and Internet of
Things Application Security
Agenda
• Overview of “2017 State of Mobile and IoT Application Security” study
• Key findings
• Risk of mobile and IoT applications
• Are organizations mobilized to reduce security risk?
• Current security practices in place
• Survey methodology
• Q&A session
Presenters
Neil K. Jones, Application Security Market Segment
Manager, IBM Security
Dr. Larry Ponemon, Chairman and Founder,
Ponemon Institute
Mandeep Khera, Chief Marketing Officer, Arxan
Technologies
Purpose of the study
The purpose of this research is to understand how
companies are reducing the risk of mobile apps and
Internet of Things (IoT) in the workplace. The risks created
by mobile apps have been well researched and
documented. This study reveals how companies are
unprepared for risks created by vulnerabilities in IoT apps.
January 18, 2017 Ponemon Institute Presentation Private and Confidential 3
Sample response Frequency Percentage
Sampling frame 16,450 100.0%
Total returns 651 4.0%
Rejected or screened surveys 58 0.4%
Final sample 593 3.6%
A summary of key findings in this research
• Many organizations are worried about an attack against mobile and
IoT apps that are used in the workplace.
• Organizations have no confidence or are not confident they know all
mobile and IoT apps in the workplace.
• The use of mobile and IoT apps is a threat to a strong security
posture.
• Mobile and IoT risks exist because end-user convenience is
considered more important than security.
• The functions most responsible for mobile and IoT security reside
outside the security function.
• Hacking incidents and regulations drive growth in budgets.
• Despite the risk, there is a lack of urgency to address mobile and
IoT security threats.
• Malware is believed to pose a greater threat to mobile than IoT
apps.
The risk of mobile and IoT apps
How difficult is it to secure mobile and IoT apps?
1 = easy to 10 = very difficult, 7+ responses reported
• Level of difficulty in securing IoT apps: 84%
• Level of difficulty in securing mobile apps: 69%
How concerned is your organization about getting hacked through a mobile or an IoT app?
Very concerned and Concerned responses combined
• Hacked through an IoT app: 58%
• Hacked through a mobile app: 53%
How concerned is your organization about the threat of malware to mobile and IoT apps?
1 = no concern to 10 = very concerned, 7+ responses reported
• Threat of malware to mobile apps: 84%
• Threat of malware to IoT apps: 66%
How significantly does employees’ mobile and IoT apps use affect your organization’s security risk posture?
Very significant and Significant increase responses are combined
• Use of mobile apps: 79%
• Use of IoT apps: 75%
How confident are you that your organization knows all of the mobile and IoT apps in the workplace?
Not confident or No confidence responses are combined
• Knowledge of all the IoT apps used by employees in the workplace: 75%
• Knowledge of all the mobile applications used by employees in the workplace: 63%
How important is end-user convenience when building and/or deploying mobile and IoT apps?
1 = not important to 10 = very important, 7+ responses reported
• End-user convenience when building and/or deploying IoT apps in the workplace: 68%
• End-user convenience when building and/or deploying mobile apps in the workplace: 62%
Who is primarily responsible for the security of mobile and IoT apps?
Chart series: Responsible for the security of mobile apps; Responsible for the security of IoT apps
Categories: No one person is responsible; Head, quality assurance; User of mobile apps; Head, application development; CISO/CSO; Lines of business (LOB); CIO/CTO
Bar values as extracted: 11%, 2%, 16%, 31%, 5%, 21%, 14%; 11%, 3%, 8%, 11%, 15%, 20%, 32%
Would any of the following factors influence your organization to increase the budget?
Two responses permitted
• None of the above: 15%
• Concern over potential loss of customers due to a security incident: 10%
• Government incentives such as tax credits: 12%
• Concern over potential loss of revenues due to a security incident: 15%
• Concern over relationship with business partners and other third parties: 23%
• Media coverage of a serious hacking incident affecting another company: 25%
• New regulations: 46%
• A serious hacking incident affecting your organization: 54%
Are organizations mobilized to reduce the risk?
How concerned are you about the use of insecure mobile and IoT apps in the workplace?
1 = not concerned to 10 = very concerned, 7+ responses reported
• Insecure IoT apps: 70%
• Insecure mobile applications: 64%
Please rate your organization’s urgency in securing mobile and IoT apps.
1 = low urgency to 10 = high urgency, 7+ responses reported
• Urgency in securing IoT apps: 42%
• Urgency in securing mobile apps: 32%
Has your organization experienced a data breach or cyber attack because of an insecure mobile or IoT app?
Chart series: Data breach or cyber attack caused by an insecure mobile app; Data breach or cyber attack caused by an insecure IoT app
Categories: Yes, known with certainty; Yes, most likely; Yes, likely; No, not likely
Bar values as extracted: 11%, 15%, 34%, 40%; 4%, 11%, 31%, 54%
Current security practices in place
How often does your organization test mobile and IoT apps?
Chart series: Mobile apps; IoT apps
Categories: We do not test; Testing is not pre-scheduled; Every time the code changes; Unsure; Annually; Monthly
Bar values as extracted: 48%, 26%, 14%, 7%, 5%, 0%; 26%, 35%, 18%, 8%, 10%, 3%
Where are mobile and IoT apps tested?
Chart series: Mobile apps; IoT apps
Categories: Primarily in production; Primarily in development; Both in production and development
Bar values as extracted: 39%, 32%, 29%; 58%, 26%, 16%
Top five means of securing mobile and IoT apps
More than one response permitted
Chart series: Primary means of securing mobile apps; Primary means of securing IoT apps
Categories: Security testing throughout the SDLC; Dynamic application security testing; Static application security testing; Educate developers on safe coding; Penetration testing
Bar values as extracted: 15%, 26%, 26%, 30%, 39%; 30%, 51%, 53%, 55%, 57%
The most difficult OWASP mobile app security risks to mitigate
Very difficult and Difficult responses combined
• Lack of Binary Protection: 35%
• Improper Session Handling: 38%
• Security Decisions Via Untrusted Inputs: 41%
• Insecure Data Storage: 43%
• Insufficient Transport Layer Protection: 47%
• Poor Authorization and Authentication: 50%
• Client Side Injection: 60%
• Weak Server Side Controls: 62%
• Unintended Data Leakage: 65%
• Broken Cryptography: 70%
The main reasons why mobile and IoT apps contain vulnerable code
More than one response permitted
Chart series: Reason why IoT apps contain vulnerable code; Reason why mobile apps contain vulnerable code
Categories: Other; Application development tools have inherent bugs; Lack of understanding/training on secure coding practices; Incorrect permissions; Lack of quality assurance and testing procedures; Malicious coding errors; Lack of internal policies or rules that clarify security requirements; Accidental coding errors; Rush to release pressures on application development team
Bar values as extracted: 4%, 21%, 33%, 36%, 40%, 48%, 51%, 65%, 69%; 3%, 18%, 30%, 36%, 55%, 44%, 49%, 65%, 75%
Methods
Current position level within the organization
• Senior Executive: 2%
• Vice President: 3%
• Director: 16%
• Manager: 22%
• Supervisor: 15%
• Technician/Staff: 40%
• Contractor: 2%
The primary person reported to within the organization
• Chief Information Officer: 54%
• Chief Information Security Officer: 18%
• Chief Technology Officer: 9%
• Chief Risk Officer: 6%
• Chief Security Officer: 4%
• Chief Operating Officer: 2%
• Compliance Officer: 2%
• Data center management: 2%
• Other: 3%
Primary industry classification
• Financial services: 18%
• Health & pharmaceuticals: 11%
• Public sector: 10%
• Services: 10%
• Industrial & manufacturing: 9%
• Retail: 9%
• Technology & software: 8%
• Consumer products: 5%
• Energy & utilities: 5%
• Entertainment & media: 3%
• Hospitality: 3%
• Communications: 2%
• Education & research: 2%
• Transportation: 2%
• Other: 3%
Worldwide headcount of the organization
• Less than 100: 8%
• 100 to 500: 13%
• 501 to 1,000: 21%
• 1,001 to 5,000: 25%
• 5,001 to 25,000: 17%
• 25,001 to 75,000: 9%
• More than 75,000: 7%
Arxan and IBM End-to-End Mobile and IoT Security Solution
Diagram labels: Enterprise Applications and Cloud Services; Identity, Fraud, and Data Protection; Data (Personal and Consumer; Enterprise)
• Device Security: Provision, manage and secure corporate and BYOD devices
• Content Security: Secure enterprise content sharing and segregate enterprise and personal data
• Application Security: Develop secure, vulnerability-free, hardened and risk-aware applications
• Identity & Access: Secure access and transactions for customers, partners and employees
• Security Intelligence: A unified architecture for integrating mobile security information and event management (SIEM), log management, anomaly detection, and configuration and vulnerability management
Products named on the slide: IBM QRadar Security Intelligence Platform; IBM MobileFirst Protect (MaaS360); IBM Security AppScan, Arxan Application Protection, IBM Trusteer Mobile SDK; IBM Security Access Manager for Mobile, IBM Trusteer Pinpoint
© Copyright IBM Corporation 2016. All rights reserved.
Resources to learn more
• Link to study: 2017 State of Mobile & IoT Application Security
• Related blog: Is IoT Security a Ticking Time Bomb?
• Learn more about the IBM Security & Arxan Technologies partnership
Q&A
Ponemon Institute
Toll Free: 800.887.3118
Michigan HQ: 2308 US 31 N.
Traverse City, MI 49686 USA
research@ponemon.org
Neil K. Jones
nkjones@us.ibm.com
Mandeep Khera
mkhera@arxan.com
Caveats
There are inherent limitations to survey research that need to be carefully considered before drawing inferences from findings. The following items are specific limitations that are germane to most web-based surveys.
• Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of individuals, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the instrument.
• Sampling-frame bias: The accuracy is based on contact information and the degree to which the list is representative of individuals who are involved in mobile and IoT application security in their organizations. We also acknowledge that the results may be biased by external events such as media coverage. Finally, because we used a Web-based collection method, it is possible that non-Web responses by mailed survey or telephone call would result in a different pattern of findings.
• Self-reported results: The quality of survey research is based on the integrity of confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not provide a truthful response.

Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App Security
 
An Identity Crisis at the Center of Every IoT Product
An Identity Crisis at the Center of Every IoT ProductAn Identity Crisis at the Center of Every IoT Product
An Identity Crisis at the Center of Every IoT Product
 
The need for effective information security awareness practices.
The need for effective information security awareness practices.The need for effective information security awareness practices.
The need for effective information security awareness practices.
 
2019 04-18 -DevSecOps-software supply chain
2019 04-18 -DevSecOps-software supply chain2019 04-18 -DevSecOps-software supply chain
2019 04-18 -DevSecOps-software supply chain
 
NEW_Security Priorities 2021_Sample Slides.pdf
NEW_Security Priorities 2021_Sample Slides.pdfNEW_Security Priorities 2021_Sample Slides.pdf
NEW_Security Priorities 2021_Sample Slides.pdf
 
How Healthcare CISOs Can Secure Mobile Devices
How Healthcare CISOs Can Secure Mobile DevicesHow Healthcare CISOs Can Secure Mobile Devices
How Healthcare CISOs Can Secure Mobile Devices
 
State of endpoint risk v3
State of endpoint risk v3State of endpoint risk v3
State of endpoint risk v3
 
State of endpoint risk v3
State of endpoint risk v3State of endpoint risk v3
State of endpoint risk v3
 
State of endpoint risk v3
State of endpoint risk v3State of endpoint risk v3
State of endpoint risk v3
 
Mobile Security Trends in the Workplace
Mobile Security Trends in the WorkplaceMobile Security Trends in the Workplace
Mobile Security Trends in the Workplace
 
Tt 06-ck
Tt 06-ckTt 06-ck
Tt 06-ck
 

Más de IBM Security

Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...IBM Security
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...IBM Security
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?IBM Security
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceIBM Security
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...IBM Security
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowIBM Security
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsIBM Security
 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsNowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsIBM Security
 
Detect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersDetect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersIBM Security
 

Más de IBM Security (10)

Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
 
IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA
 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsNowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
 
Detect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersDetect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange Partners
 

Último

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 

Último (20)

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 

Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Application Security Study"

  • 1. Sponsored by IBM and Arxan Technologies Dr. Larry Ponemon, Ponemon Institute Neil K. Jones, IBM Security Mandeep Khera, Arxan Technologies 2017 Study on Mobile and Internet of Things Application Security
  • 2. Agenda  Overview of “2017 State of Mobile and IoT Application Security” study  Key findings  Risk of mobile and IoT applications  Are organizations mobilized to reduce security risk?  Current security practices in place  Survey methodology  Q&A session
  • 3. Presenters Neil K. Jones, Application Security Market Segment Manager, IBM Security Dr. Larry Ponemon, Chairman and Founder, Ponemon Institute Mandeep Khera, Chief Marketing Officer, Arxan Technologies
  • 4. Purpose of the study The purpose of this research is to understand how companies are reducing the risk of mobile apps and Internet of Things (IoT) in the workplace. The risks created by mobile apps have been well researched and documented. This study reveals how companies are unprepared for risks created by vulnerabilities in IoT apps. January 18, 2017 Ponemon Institute Presentation Private and Confidential 3
  • 5. Sample response (frequency, percentage): Sampling frame 16,450 (100.0%); Total returns 651 (4.0%); Rejected or screened surveys 58 (0.4%); Final sample 593 (3.6%).
  • 6. A summary of key findings in this research • Many organizations are worried about an attack against mobile and IoT apps that are used in the workplace. • Organizations have no confidence or are not confident they know all mobile and IoT apps in the workplace. • The use of mobile and IoT apps is a threat to a strong security posture. • Mobile and IoT risks exist because end-user convenience is considered more important than security. • The functions most responsible for mobile and IoT security reside outside the security function. • Hacking incidents and regulations drive growth in budgets. • Despite the risk, there is a lack of urgency to address mobile and IoT security threats. • Malware is believed to pose a greater threat to mobile than IoT apps.
  • 7. The risk of mobile and IoT apps
  • 8. How difficult is it to secure mobile and IoT apps? 1 = easy to 10 = very difficult, 7+ responses reported. Level of difficulty in securing IoT apps: 84%; Level of difficulty in securing mobile apps: 69%.
  • 9. How concerned is your organization about getting hacked through a mobile or an IoT app? Very concerned and Concerned responses combined. Hacked through an IoT app: 58%; Hacked through a mobile app: 53%.
  • 10. How concerned is your organization about the threat of malware to mobile and IoT apps? 1 = no concern to 10 = very concerned, 7+ responses reported. Threat of malware to mobile apps: 84%; Threat of malware to IoT apps: 66%.
  • 11. How significantly does employees’ mobile and IoT apps use affect your organization’s security risk posture? Very significant and Significant increase responses are combined. Use of mobile apps: 79%; Use of IoT apps: 75%.
  • 12. How confident are you that your organization knows all of the mobile and IoT apps in the workplace? Not confident or No confidence responses are combined. Knowledge of all the IoT apps used by employees in the workplace: 75%; Knowledge of all the mobile applications used by employees in the workplace: 63%.
  • 13. How important is end-user convenience when building and/or deploying mobile and IoT apps? 1 = not important to 10 = very important, 7+ responses reported. End-user convenience when building and/or deploying IoT apps in the workplace: 68%; End-user convenience when building and/or deploying mobile apps in the workplace: 62%.
  • 14. Who is primarily responsible for the security of mobile and IoT apps? Bar chart, two series (Responsible for the security of mobile apps; Responsible for the security of IoT apps). Categories: No one person is responsible; Head, quality assurance; User of mobile apps; Head, application development; CISO/CSO; Lines of business (LOB); CIO/CTO. Bar values as extracted: 11% 2% 16% 31% 5% 21% 14% 11% 3% 8% 11% 15% 20% 32%
  • 15. Would any of the following factors influence your organization to increase the budget? Two responses permitted. None of the above: 15%; Concern over potential loss of customers due to a security incident: 10%; Government incentives such as tax credits: 12%; Concern over potential loss of revenues due to a security incident: 15%; Concern over relationship with business partners and other third parties: 23%; Media coverage of a serious hacking incident affecting another company: 25%; New regulations: 46%; A serious hacking incident affecting your organization: 54%.
  • 16. Are organizations mobilized to reduce the risk?
  • 17. How concerned are you about the use of insecure mobile and IoT apps in the workplace? 1 = not concerned to 10 = very concerned, 7+ responses reported. Insecure IoT apps: 70%; Insecure mobile applications: 64%.
  • 18. Please rate your organization’s urgency in securing mobile and IoT apps. 1 = low urgency to 10 = high urgency, 7+ responses reported. Urgency in securing IoT apps: 42%; Urgency in securing mobile apps: 32%.
  • 19. Has your organization experienced a data breach or cyber attack because of an insecure mobile or IoT app? Bar chart, two series (Data breach or cyber attack caused by an insecure mobile app; Data breach or cyber attack caused by an insecure IoT app). Categories: Yes, known with certainty; Yes, most likely; Yes, likely; No, not likely. Bar values as extracted: 11% 15% 34% 40% 4% 11% 31% 54%
  • 20. Current security practices in place
  • 21. How often does your organization test mobile and IoT apps? Bar chart, two series (Mobile apps; IoT apps). Categories: We do not test; Testing is not pre-scheduled; Every time the code changes; Unsure; Annually; Monthly. Bar values as extracted: 48% 26% 14% 7% 5% 0% 26% 35% 18% 8% 10% 3%
  • 22. Where are mobile and IoT apps tested? Bar chart, two series (Mobile apps; IoT apps). Categories: Primarily in production; Primarily in development; Both in production and development. Bar values as extracted: 39% 32% 29% 58% 26% 16%
  • 23. Top five means of securing mobile and IoT apps. More than one response permitted. Bar chart, two series (Primary means of securing mobile apps; Primary means of securing IoT apps). Categories: Security testing throughout the SDLC; Dynamic application security testing; Static application security testing; Educate developers on safe coding; Penetration testing. Bar values as extracted: 15% 26% 26% 30% 39% 30% 51% 53% 55% 57%
  • 24. The most difficult OWASP mobile app security risks to mitigate. Very difficult and Difficult responses combined. Lack of Binary Protection: 35%; Improper Session Handling: 38%; Security Decisions Via Untrusted Inputs: 41%; Insecure Data Storage: 43%; Insufficient Transport Layer Protection: 47%; Poor Authorization and Authentication: 50%; Client Side Injection: 60%; Weak Server Side Controls: 62%; Unintended Data Leakage: 65%; Broken Cryptography: 70%.
  • 25. The main reasons why mobile and IoT apps contain vulnerable code. More than one response permitted. Bar chart, two series (Reason why IoT apps contain vulnerable code; Reason why mobile apps contain vulnerable code). Categories: Other; Application development tools have inherent bugs; Lack of understanding/training on secure coding practices; Incorrect permissions; Lack of quality assurance and testing procedures; Malicious coding errors; Lack of internal policies or rules that clarify security requirements; Accidental coding errors; Rush to release pressures on application development team. Bar values as extracted: 4% 21% 33% 36% 40% 48% 51% 65% 69% 3% 18% 30% 36% 55% 44% 49% 65% 75%
  • 26. Methods
  • 27. Current position level within the organization. Senior Executive: 2%; Vice President: 3%; Director: 16%; Manager: 22%; Supervisor: 15%; Technician/Staff: 40%; Contractor: 2%.
  • 28. The primary person reported to within the organization. Chief Information Officer: 54%; Chief Information Security Officer: 18%; Chief Technology Officer: 9%; Chief Risk Officer: 6%; Chief Security Officer: 4%; Chief Operating Officer: 2%; Compliance Officer: 2%; Data center management: 2%; Other: 3%.
  • 29. Primary industry classification. Financial services: 18%; Health & pharmaceuticals: 11%; Public sector: 10%; Services: 10%; Industrial & manufacturing: 9%; Retail: 9%; Technology & software: 8%; Consumer products: 5%; Energy & utilities: 5%; Entertainment & media: 3%; Hospitality: 3%; Communications: 2%; Education & research: 2%; Transportation: 2%; Other: 3%.
  • 30. Worldwide headcount of the organization. Less than 100: 8%; 100 to 500: 13%; 501 to 1,000: 21%; 1,001 to 5,000: 25%; 5,001 to 25,000: 17%; 25,001 to 75,000: 9%; More than 75,000: 7%.
  • 31. Arxan and IBM End-to-End Mobile and IoT Security Solution Enterprise Applications and Cloud Services Identity, Fraud, and Data Protection Device Security Content Security Application Security Identity & Access Provision, manage and secure Corporate and BYOD devices Secure enterprise content sharing and segregate enterprise and personal data Develop secure, vulnerability free, hardened and risk aware applications Secure access and transactions for customers, partners and employees Security Intelligence A unified architecture for integrating mobile security information and event management (SIEM), log management, anomaly detection, and configuration and vulnerability management IBM QRadar Security Intelligence Platform IBM MobileFirst Protect (MaaS360) IBM Security AppScan, Arxan Application Protection, IBM Trusteer Mobile SDK IBM Security Access Manager for Mobile, IBM Trusteer Pinpoint Security Intelligence Content Security Application Security Identity & Access Device Security DATA Personal and Consumer Enterprise © Copyright IBM Corporation 2016. All rights reserved.
  • 32. Resources to learn more • Link to study: 2017 State of Mobile & IoT Application Security • Related blog: Is IoT Security a Ticking Time Bomb? • Learn more about the IBM Security & Arxan Technologies partnership
  • 33. Q&A Ponemon Institute, Toll Free: 800.887.3118, Michigan HQ: 2308 US 31 N. Traverse City, MI 49686 USA, research@ponemon.org; Neil K. Jones, nkjones@us.ibm.com; Mandeep Khera, mkhera@arxan.com
  • 34. Caveats There are inherent limitations to survey research that need to be carefully considered before drawing inferences from findings. The following items are specific limitations that are germane to most web-based surveys. • Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of individuals, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the instrument. • Sampling-frame bias: The accuracy is based on contact information and the degree to which the list is representative of individuals who are involved in the security of mobile and IoT application security in their organizations. We also acknowledge that the results may be biased by external events such as media coverage. Finally, because we used a Web-based collection method, it is possible that non-Web responses by mailed survey or telephone call would result in a different pattern of findings. • Self-reported results: The quality of survey research is based on the integrity of confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not provide a truthful response.