main

Application SecuritySecurity

Consumers’ Insatiable APP-etites Slowed, but Not Stopped by Security

October 29, 2015 — by Ben Desjardins0

The other day I was making my way through the airport and stopped at a restaurant for a quick bite to eat. I took a seat at the bar, and the bartender pointed out the tablet waiting for me from which I could view the menu and order my lunch.

So this is what we’ve come to… an obsession with digitizing every interaction to the point where I use an app to communicate to the person five feet in front of me? While perhaps a somewhat extreme and silly (though 100% true) example, we are clearly on a path of living and interacting increasingly through apps.

There’s lots of data to support this by the way…

This past summer, Nielsen published the results of a survey on smartphone and mobile application usage. In addition to the unsurprising result that consumers spend more time than ever on their devices (about 37 hours per month), the study revealed that the average number uses on average over 20 different applications per month.

Growing even faster than the use of apps on mobile devices is the number of options consumers have when it comes to apps. Both the iOS App Store and Google Play have nearly doubled the number of apps that they offer between 2013 and 2014, with Google passing Apple for the first time last year.  I struggle to think of a major retailer or consumer brand that isn’t pushing me towards some application to replace archaic forms of interaction such as a phone call or (heaven forbid) a face-to-face interaction. And these apps are now more than just a means of lowering costs associated with customer support. Look at the current ad campaign by GEICO promoting their consecutive awards for “best mobile app” as the basis for why I should pick them for insurance (everyone knows that).

The seemingly unstoppable momentum behind consumer apps got us thinking… how do these consumers feel about the security of the applications they use day-in, day-out? With this general question in mind, we commissioned Harris Poll to conduct an online survey of our own among U.S. consumers1, and today published the results. I encourage you to access the full report and supporting infographic, but will give you a few highlights of what we learned.

Security Concerns? Yeah, sort of…

A prevailing mindset of consumers when it comes to the security of applications they use seems to be that they have concerns, but not enough to stop them from downloading and using them. Fully, 87% say that they expect cloud-based applications could be hacked. Still, a puzzling contradiction appears where 45% say they believe the apps generally keep personal data secure. Sort of “well it could happen… but I don’t think it will… at least not to me.”

Consumers worry that the most popular applications would be more likely to be targeted than less popular ones, with 69% agreeing these are the most likely to be hacked. The previously mentioned Nielsen study also indicates that over 70% of app usage is driven by the top 200 apps. This raises an interesting question for me… do the most popular apps represent the greatest risk to consumers with regard to data loss? I think it is totally reasonable to assume that the most popular apps are also the most popular targets, in much the same way that the most popular operating systems or software become common targets for vulnerability exploit. But it’s also fair to assume that the top 200 applications have been built and are operating with a level of security in mind above that of the other 5 million or so apps out there.

Or maybe I’m the one with faulty perceptions and expectations of application security. Consider the recent issue with the Kardashian apps (written about recently by my colleague Carl Herberger by the way), the result of a vulnerability in an underlying API.

This points out another key dynamic around the explosion of consumer apps… more often than not, the organization represented by the app is not behind the creation of the applications. Still, it is their brand and their trusted relationships with their customers that are at risk.

But that’s not all that’s at risk. Our survey reveals that consumers have significant expectations of organizations that breach their trust. Specifically, 85% of consumers say that brands behind the app should offer compensation or identity protection to those affected if there is a breach. Additionally, over half of those who use cloud-based apps/services (54%) say they would stop using the app if a breach occurred. Given the propensity for use of apps, that likely means they may start using a competitor rather than revert to other ways of interacting.

The results of our survey reinforce some common responses when surveying consumers about security, but also give some good insights into consumer trade-offs for convenience vs. security. And they also should give organizations considering (or already) leveraging apps to engage with consumers some perspective on what’s at stake and the expectations around remedying security issues.

1Online survey conducted by Harris Poll on behalf of Radware from Sept. 28-30, 2015 among 2,049 U.S. adults age 18 and older, among which 621 use cloud-based apps/services. This online survey is not based on a probability sample and therefore no estimate of theoretical sampling error can be calculated. For complete survey methodology, including weighting variables, please contact deborah.szajngarten@radware.com.

Ben Desjardins

Ben Desjardins drives the development of vertical and use-case specific solutions for Radware’s Security Product Portfolio. In this role, Ben focuses extensively on the competitive landscape for anti-DDoS, WAF and anti-scraping technologies. Ben has extensive experience across a wide array of security technologies and disciplines, including DDoS, DNS, SSL, Threat/Vulnerability Management, IAM and PCI-DSS and he brings nearly two decades of marketing management experience to his work at Radware, including over 12 years focused on the information security and cyber threat arenas. Additionally, Ben has led global go-to-market efforts across many industries including retail, Ecommerce, financial services, public sector and healthcare/life sciences.

Leave a Reply

Your email address will not be published. Required fields are marked *