Adobe, Yahoo Mail and PlayStation users have all had their passwords and personal information hacked in large-scale security breaches in recent years. Now tech giant HP is calling for companies to “eliminate opportunities” given to attackers to access information.
These large-scale hacks have put millions of users’ personal details at risk with the Adobe hack alone exposing 38m accounts to abuse. In its annual cyber risk report, HP criticised sharing of intelligence within the industry.
The company said that the technology industry should pull together to share intelligence about security and the tactics they should use in order to disrupt malicious activities.
It looked at more than 500,000 applications for Android and found that mobile developers often fail to use encryption when storing sensitive data on mobile devices, rely on weak algorithms to do so or misuse stronger encryption capabilities which render them ineffective. Its report states that 56% of applications tested showed weaknesses that revealed information about the application, its implementation or its users.
The report will be worrying for consumers as it highlights the vulnerability of many apps and how their personal data can be accessed by those with the knowledge to do so. With smartphone users checking their mobiles up to 150 times and a total use time of more than two hours each day it amount of information we are giving to companies is increasing.
Many applications are given access to our payment details, contacts, address and more. For consumers there is a need for our personal data to be safely stored by the brands we trust.
For the developers and companies running the applications there may be more costly consequences for failing to securely protect our private information. This was shown last year as Sony were fined £250,000 for security failures after gamers’ details were leaked online in 2011. For smaller companies this scale of monetary penalty could have a serious impact on their business.
To help combat the threat of attackers being able to access users’ personal data, HP recommends combining the right staff members, processes and technology to minimise the vulnerabilities and reduce the overall risk.
HP said: “Organisations and developers alike must stay cognizant of security pitfalls in frameworks and other third-party code, particularly for hybrid mobile development platforms. Robust security guidelines must be enacted to protect the integrity of applications and the privacy of users.”
Image courtesy of Gustavo Molina.