Sponsored by IBM and Arxan Technologies
Dr. Larry Ponemon, Ponemon Institute
Neil K. Jones, IBM Security
Mandeep Khera, Arxan Technologies
2017 Study on Mobile and Internet of
Things Application Security
Agenda
• Overview of “2017 State of Mobile and IoT Application Security” study
• Key findings
• Risk of mobile and IoT applications
• Are organizations mobilized to reduce security risk?
• Current security practices in place
• Survey methodology
• Q&A session
Presenters
• Neil K. Jones, Application Security Market Segment Manager, IBM Security
• Dr. Larry Ponemon, Chairman and Founder, Ponemon Institute
• Mandeep Khera, Chief Marketing Officer, Arxan Technologies
Purpose of the study
The purpose of this research is to understand how
companies are reducing the risk of mobile apps and
Internet of Things (IoT) in the workplace. The risks created
by mobile apps have been well researched and
documented. This study reveals how companies are
unprepared for risks created by vulnerabilities in IoT apps.
January 18, 2017 Ponemon Institute Presentation Private and Confidential 3
Sample response Frequency Percentage
Sampling frame 16,450 100.0%
Total returns 651 4.0%
Rejected or screened surveys 58 0.4%
Final sample 593 3.6%
A summary of key findings in this research
• Many organizations are worried about an attack against mobile and
IoT apps that are used in the workplace.
• Organizations have no confidence or are not confident they know all
mobile and IoT apps in the workplace.
• The use of mobile and IoT apps is a threat to a strong security
posture.
• Mobile and IoT risks exist because end-user convenience is
considered more important than security.
• The functions most responsible for mobile and IoT security reside
outside the security function.
• Hacking incidents and regulations drive growth in budgets.
• Despite the risk, there is a lack of urgency to address mobile and
IoT security threats.
• Malware is believed to pose a greater threat to mobile than IoT
apps.
The risk of mobile and IoT apps
How difficult is it to secure mobile and
IoT apps?
1 = easy to 10 = very difficult, 7+ responses reported
• Level of difficulty in securing IoT apps: 84%
• Level of difficulty in securing mobile apps: 69%
How concerned is your organization about
getting hacked through a mobile or an IoT
app?
Very concerned and Concerned responses combined
• Hacked through an IoT app: 58%
• Hacked through a mobile app: 53%
How concerned is your organization about
the threat of malware to mobile and IoT
apps?
1 = no concern to 10 = very concerned, 7+ responses
reported
• Threat of malware to mobile apps: 84%
• Threat of malware to IoT apps: 66%
How significantly does employees’
mobile and IoT apps use affect your
organization’s security risk posture?
Very significant and Significant increase responses
are combined
• Use of mobile apps: 79%
• Use of IoT apps: 75%
How confident are you that your
organization knows all of the mobile and
IoT apps in the workplace?
Not confident or No confidence responses are
combined
• Knowledge of all the IoT apps used by employees in the workplace: 75%
• Knowledge of all the mobile applications used by employees in the workplace: 63%
How important is end-user convenience
when building and/or deploying mobile
and IoT apps?
1 = not important to 10 = very important, 7+
responses reported
• End-user convenience when building and/or deploying IoT apps in the workplace: 68%
• End-user convenience when building and/or deploying mobile apps in the workplace: 62%
Who is primarily responsible for the
security of mobile and IoT apps?
[Bar chart: categories and data labels as they appear on the slide]
Series: Responsible for the security of mobile apps; Responsible for the security of IoT apps
Categories: No one person is responsible; Head, quality assurance; User of mobile apps; Head, application development; CISO/CSO; Lines of business (LOB); CIO/CTO
Data labels: 11%, 2%, 16%, 31%, 5%, 21%, 14%; 11%, 3%, 8%, 11%, 15%, 20%, 32%
Would any of the following factors
influence your organization to increase
the budget?
Two responses permitted
• None of the above: 15%
• Concern over potential loss of customers due to a security incident: 10%
• Government incentives such as tax credits: 12%
• Concern over potential loss of revenues due to a security incident: 15%
• Concern over relationship with business partners and other third parties: 23%
• Media coverage of a serious hacking incident affecting another company: 25%
• New regulations: 46%
• A serious hacking incident affecting your organization: 54%
Are organizations mobilized to
reduce the risk?
How concerned are you about the use of
insecure mobile and IoT apps in the
workplace?
1 = not concerned to 10 = very concerned, 7+ responses
reported
• Insecure IoT apps: 70%
• Insecure mobile applications: 64%
Please rate your organization’s urgency
in securing mobile and IoT apps.
1 = low urgency to 10 = high urgency, 7+ responses
reported
• Urgency in securing IoT apps: 42%
• Urgency in securing mobile apps: 32%
Has your organization experienced a
data breach or cyber attack because of
an insecure mobile or IoT app?
[Bar chart: categories and data labels as they appear on the slide]
Series: Data breach or cyber attack caused by an insecure mobile app; Data breach or cyber attack caused by an insecure IoT app
Categories: Yes, known with certainty; Yes, most likely; Yes, likely; No, not likely
Data labels: 11%, 15%, 34%, 40%; 4%, 11%, 31%, 54%
Current security practices in place
How often does your organization test
mobile and IoT apps?
[Bar chart: categories and data labels as they appear on the slide]
Series: Mobile apps; IoT apps
Categories: We do not test; Testing is not pre-scheduled; Every time the code changes; Unsure; Annually; Monthly
Data labels: 48%, 26%, 14%, 7%, 5%, 0%; 26%, 35%, 18%, 8%, 10%, 3%
Where are mobile and IoT apps tested?
[Bar chart: categories and data labels as they appear on the slide]
Series: Mobile apps; IoT apps
Categories: Primarily in production; Primarily in development; Both in production and development
Data labels: 39%, 32%, 29%; 58%, 26%, 16%
Top five means of securing mobile and
IoT apps
More than one response permitted
[Bar chart: categories and data labels as they appear on the slide]
Series: Primary means of securing mobile apps; Primary means of securing IoT apps
Categories: Security testing throughout the SDLC; Dynamic application security testing; Static application security testing; Educate developers on safe coding; Penetration testing
Data labels: 15%, 26%, 26%, 30%, 39%; 30%, 51%, 53%, 55%, 57%
The most difficult OWASP mobile app
security risks to mitigate
Very difficult and Difficult responses combined
• Lack of Binary Protection: 35%
• Improper Session Handling: 38%
• Security Decisions Via Untrusted Inputs: 41%
• Insecure Data Storage: 43%
• Insufficient Transport Layer Protection: 47%
• Poor Authorization and Authentication: 50%
• Client Side Injection: 60%
• Weak Server Side Controls: 62%
• Unintended Data Leakage: 65%
• Broken Cryptography: 70%
The main reasons why mobile and IoT
apps contain vulnerable code
More than one response permitted
[Bar chart: categories and data labels as they appear on the slide]
Series: Reason why IoT apps contain vulnerable code; Reason why mobile apps contain vulnerable code
Categories: Other; Application development tools have inherent bugs; Lack of understanding/training on secure coding practices; Incorrect permissions; Lack of quality assurance and testing procedures; Malicious coding errors; Lack of internal policies or rules that clarify security requirements; Accidental coding errors; Rush to release pressures on application development team
Data labels: 4%, 21%, 33%, 36%, 40%, 48%, 51%, 65%, 69%; 3%, 18%, 30%, 36%, 55%, 44%, 49%, 65%, 75%
Methods
Current position level within the
organization
• Senior Executive: 2%
• Vice President: 3%
• Director: 16%
• Manager: 22%
• Supervisor: 15%
• Technician/Staff: 40%
• Contractor: 2%
The primary person reported to within
the organization
• Chief Information Officer: 54%
• Chief Information Security Officer: 18%
• Chief Technology Officer: 9%
• Chief Risk Officer: 6%
• Chief Security Officer: 4%
• Chief Operating Officer: 2%
• Compliance Officer: 2%
• Data center management: 2%
• Other: 3%
Primary industry classification
• Financial services: 18%
• Health & pharmaceuticals: 11%
• Public sector: 10%
• Services: 10%
• Industrial & manufacturing: 9%
• Retail: 9%
• Technology & software: 8%
• Consumer products: 5%
• Energy & utilities: 5%
• Entertainment & media: 3%
• Hospitality: 3%
• Communications: 2%
• Education & research: 2%
• Transportation: 2%
• Other: 3%
Worldwide headcount of the organization
• Less than 100: 8%
• 100 to 500: 13%
• 501 to 1,000: 21%
• 1,001 to 5,000: 25%
• 5,001 to 25,000: 17%
• 25,001 to 75,000: 9%
• More than 75,000: 7%
Arxan and IBM End-to-End Mobile and IoT Security Solution
Enterprise Applications and Cloud Services; Identity, Fraud, and Data Protection
• Device Security: Provision, manage and secure corporate and BYOD devices
• Content Security: Secure enterprise content sharing and segregate enterprise and personal data
• Application Security: Develop secure, vulnerability free, hardened and risk aware applications
• Identity & Access: Secure access and transactions for customers, partners and employees
• Security Intelligence: A unified architecture for integrating mobile security information and event management (SIEM), log management, anomaly detection, and configuration and vulnerability management
IBM QRadar Security Intelligence Platform
IBM MobileFirst Protect (MaaS360)
IBM Security AppScan, Arxan Application Protection, IBM Trusteer Mobile SDK
IBM Security Access Manager for Mobile, IBM Trusteer Pinpoint
Data: Personal and Consumer; Enterprise
© Copyright IBM Corporation 2016. All rights reserved.
Resources to learn more
• Link to study: 2017 State of Mobile & IoT Application Security
• Related blog: Is IoT Security a Ticking Time Bomb?
• Learn more about the IBM Security & Arxan Technologies partnership
Q&A
Ponemon Institute
Toll Free: 800.887.3118
Michigan HQ: 2308 US 31 N.
Traverse City, MI 49686 USA
research@ponemon.org
Neil K. Jones
nkjones@us.ibm.com
Mandeep Khera
mkhera@arxan.com
Caveats
There are inherent limitations to survey research that need to be carefully considered before drawing
inferences from findings. The following items are specific limitations that are germane to most web-
based surveys.
• Non-response bias: The current findings are based on a sample of survey returns. We sent
surveys to a representative sample of individuals, resulting in a large number of usable returned
responses. Despite non-response tests, it is always possible that individuals who did not
participate are substantially different in terms of underlying beliefs from those who completed the
instrument.
• Sampling-frame bias: The accuracy is based on contact information and the degree to which the
list is representative of individuals who are involved in mobile and IoT application
security in their organizations. We also acknowledge that the results may be biased by external
events such as media coverage. Finally, because we used a Web-based collection method, it is
possible that non-Web responses by mailed survey or telephone call would result in a different
pattern of findings.
• Self-reported results: The quality of survey research is based on the integrity of confidential
responses received from subjects. While certain checks and balances can be incorporated into
the survey process, there is always the possibility that a subject did not provide a truthful
response.
Unified application security analyser
 
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalystScale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App Security
 
An Identity Crisis at the Center of Every IoT Product
An Identity Crisis at the Center of Every IoT ProductAn Identity Crisis at the Center of Every IoT Product
An Identity Crisis at the Center of Every IoT Product
 
The need for effective information security awareness practices.
The need for effective information security awareness practices.The need for effective information security awareness practices.
The need for effective information security awareness practices.
 
2019 04-18 -DevSecOps-software supply chain
2019 04-18 -DevSecOps-software supply chain2019 04-18 -DevSecOps-software supply chain
2019 04-18 -DevSecOps-software supply chain
 
NEW_Security Priorities 2021_Sample Slides.pdf
NEW_Security Priorities 2021_Sample Slides.pdfNEW_Security Priorities 2021_Sample Slides.pdf
NEW_Security Priorities 2021_Sample Slides.pdf
 
How Healthcare CISOs Can Secure Mobile Devices
How Healthcare CISOs Can Secure Mobile DevicesHow Healthcare CISOs Can Secure Mobile Devices
How Healthcare CISOs Can Secure Mobile Devices
 
State of endpoint risk v3
State of endpoint risk v3State of endpoint risk v3
State of endpoint risk v3
 
State of endpoint risk v3
State of endpoint risk v3State of endpoint risk v3
State of endpoint risk v3
 
State of endpoint risk v3
State of endpoint risk v3State of endpoint risk v3
State of endpoint risk v3
 
Mobile Security Trends in the Workplace
Mobile Security Trends in the WorkplaceMobile Security Trends in the Workplace
Mobile Security Trends in the Workplace
 
Tt 06-ck
Tt 06-ckTt 06-ck
Tt 06-ck
 

More from IBM Security

Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
IBM Security
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
IBM Security
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?
IBM Security
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
IBM Security
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
IBM Security
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
IBM Security
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
IBM Security
 
IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA
IBM Security
 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsNowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
IBM Security
 
Detect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersDetect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange Partners
IBM Security
 

More from IBM Security (10)

Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
 
IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA
 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsNowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
 
Detect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersDetect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange Partners
 

Recently uploaded

Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 

Recently uploaded (20)

Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 

Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Application Security Study"

  • 1. Sponsored by IBM and Arxan Technologies Dr. Larry Ponemon, Ponemon Institute Neil K. Jones, IBM Security Mandeep Khera, Arxan Technologies 2017 Study on Mobile and Internet of Things Application Security
  • 2. Agenda • Overview of “2017 State of Mobile and IoT Application Security” study • Key findings • Risk of mobile and IoT applications • Are organizations mobilized to reduce security risk? • Current security practices in place • Survey methodology • Q&A session
  • 3. Presenters Neil K. Jones, Application Security Market Segment Manager, IBM Security Dr. Larry Ponemon, Chairman and Founder, Ponemon Institute Mandeep Khera, Chief Marketing Officer, Arxan Technologies
  • 4. Purpose of the study The purpose of this research is to understand how companies are reducing the risk of mobile apps and Internet of Things (IoT) in the workplace. The risks created by mobile apps have been well researched and documented. This study reveals how companies are unprepared for risks created by vulnerabilities in IoT apps. January 18, 2017 Ponemon Institute Presentation Private and Confidential 3
  • 5. Sample response (frequency, percentage): Sampling frame 16,450 (100.0%); Total returns 651 (4.0%); Rejected or screened surveys 58 (0.4%); Final sample 593 (3.6%)
  • 6. A summary of key findings in this research • Many organizations are worried about an attack against mobile and IoT apps that are used in the workplace. • Organizations have no confidence or are not confident they know all mobile and IoT apps in the workplace. • The use of mobile and IoT apps are threats to a strong security posture. • Mobile and IoT risks exist because end-user convenience is considered more important than security. • The functions most responsible for mobile and IoT security reside outside the security function. • Hacking incidents and regulations drive growth in budgets. • Despite the risk, there is a lack of urgency to address mobile and IoT security threats. • Malware is believed to pose a greater threat to mobile than IoT apps.
  • 7. The risk of mobile and IoT apps
  • 8. How difficult is it to secure mobile and IoT apps? 1 = easy to 10 = very difficult, 7+ responses reported. Chart values: 84%, 69%. Categories: Level of difficulty in securing IoT apps; Level of difficulty in securing mobile apps.
  • 9. How concerned is your organization about getting hacked through a mobile or an IoT app? Very concerned and Concerned responses combined. Chart values: 58%, 53%. Categories: Hacked through an IoT app; Hacked through a mobile app.
  • 10. How concerned is your organization about the threat of malware to mobile and IoT apps? 1 = no concern to 10 = very concerned, 7+ responses reported. Chart values: 84%, 66%. Categories: Threat of malware to mobile apps; Threat of malware to IoT apps.
  • 11. How significantly does employees’ mobile and IoT apps use affect your organization’s security risk posture? Very significant and Significant increase responses are combined. Chart values: 79%, 75%. Categories: Use of mobile apps; Use of IoT apps.
  • 12. How confident are you that your organization knows all of the mobile and IoT apps in the workplace? Not confident or No confidence responses are combined. Chart values: 75%, 63%. Categories: Knowledge of all the IoT apps used by employees in the workplace; Knowledge of all the mobile applications used by employees in the workplace.
  • 13. How important is end-user convenience when building and/or deploying mobile and IoT apps? 1 = not important to 10 = very important, 7+ responses reported. Chart values: 68%, 62%. Categories: End-user convenience when building and/or deploying IoT apps in the workplace; End-user convenience when building and/or deploying mobile apps in the workplace.
  • 14. Who is primarily responsible for the security of mobile and IoT apps? Chart values: 11%, 2%, 16%, 31%, 5%, 21%, 14%, 11%, 3%, 8%, 11%, 15%, 20%, 32%. Categories: No one person is responsible; Head, quality assurance; User of mobile apps; Head, application development; CISO/CSO; Lines of business (LOB); CIO/CTO. Series: Responsible for the security of mobile apps; Responsible for the security of IoT apps.
  • 15. Would any of the following factors influence your organization to increase the budget? Two responses permitted. Chart values: 15%, 10%, 12%, 15%, 23%, 25%, 46%, 54%. Categories: None of the above; Concern over potential loss of customers due to a security incident; Government incentives such as tax credits; Concern over potential loss of revenues due to a security incident; Concern over relationship with business partners and other third parties; Media coverage of a serious hacking incident affecting another company; New regulations; A serious hacking incident affecting your organization.
  • 16. Are organizations mobilized to reduce the risk?
  • 17. How concerned are you about the use of insecure mobile and IoT apps in the workplace? 1 = not concerned to 10 = very concerned, 7+ responses reported. Chart values: 70%, 64%. Categories: Insecure IoT apps; Insecure mobile applications.
  • 18. Please rate your organization’s urgency in securing mobile and IoT apps. 1 = low urgency to 10 = high urgency, 7+ responses reported. Chart values: 42%, 32%. Categories: Urgency in securing IoT apps; Urgency in securing mobile apps.
  • 19. Has your organization experienced a data breach or cyber attack because of an insecure mobile or IoT app? Chart values: 11%, 15%, 34%, 40%, 4%, 11%, 31%, 54%. Categories: Yes, known with certainty; Yes, most likely; Yes, likely; No, not likely. Series: Data breach or cyber attack caused by an insecure mobile app; Data breach or cyber attack caused by an insecure IoT app.
  • 20. Current security practices in place
  • 21. How often does your organization test mobile and IoT apps? Chart values: 48%, 26%, 14%, 7%, 5%, 0%, 26%, 35%, 18%, 8%, 10%, 3%. Categories: We do not test; Testing is not pre-scheduled; Every time the code changes; Unsure; Annually; Monthly. Series: Mobile apps; IoT apps.
  • 22. Where are mobile and IoT apps tested? Chart values: 39%, 32%, 29%, 58%, 26%, 16%. Categories: Primarily in production; Primarily in development; Both in production and development. Series: Mobile apps; IoT apps.
  • 23. Top five means of securing mobile and IoT apps. More than one response permitted. Chart values: 15%, 26%, 26%, 30%, 39%, 30%, 51%, 53%, 55%, 57%. Categories: Security testing throughout the SDLC; Dynamic application security testing; Static application security testing; Educate developers on safe coding; Penetration testing. Series: Primary means of securing mobile apps; Primary means of securing IoT apps.
  • 24. The most difficult OWASP mobile app security risks to mitigate. Very difficult and Difficult responses combined. Chart values: 35%, 38%, 41%, 43%, 47%, 50%, 60%, 62%, 65%, 70%. Categories: Lack of Binary Protection; Improper Session Handling; Security Decisions Via Untrusted Inputs; Insecure Data Storage; Insufficient Transport Layer Protection; Poor Authorization and Authentication; Client Side Injection; Weak Server Side Controls; Unintended Data Leakage; Broken Cryptography.
  • 25. The main reasons why mobile and IoT apps contain vulnerable code. More than one response permitted. Chart values: 4%, 21%, 33%, 36%, 40%, 48%, 51%, 65%, 69%, 3%, 18%, 30%, 36%, 55%, 44%, 49%, 65%, 75%. Categories: Other; Application development tools have inherent bugs; Lack of understanding/training on secure coding practices; Incorrect permissions; Lack of quality assurance and testing procedures; Malicious coding errors; Lack of internal policies or rules that clarify security requirements; Accidental coding errors; Rush to release pressures on application development team. Series: Reason why IoT apps contain vulnerable code; Reason why mobile apps contain vulnerable code.
  • 26. Methods
  • 27. Current position level within the organization. Chart values: 2%, 3%, 16%, 22%, 15%, 40%, 2%. Categories: Senior Executive; Vice President; Director; Manager; Supervisor; Technician/Staff; Contractor.
  • 28. The primary person reported to within the organization. Chart values: 54%, 18%, 9%, 6%, 4%, 2%, 2%, 2%, 3%. Categories: Chief Information Officer; Chief Information Security Officer; Chief Technology Officer; Chief Risk Officer; Chief Security Officer; Chief Operating Officer; Compliance Officer; Data center management; Other.
  • 29. Primary industry classification. Chart values: 18%, 11%, 10%, 10%, 9%, 9%, 8%, 5%, 5%, 3%, 3%, 2%, 2%, 2%, 3%. Categories: Financial services; Health & pharmaceuticals; Public sector; Services; Industrial & manufacturing; Retail; Technology & software; Consumer products; Energy & utilities; Entertainment & media; Hospitality; Communications; Education & research; Transportation; Other.
  • 30. Worldwide headcount of the organization. Chart values: 8%, 13%, 21%, 25%, 17%, 9%, 7%. Categories: Less than 100; 100 to 500; 501 to 1,000; 1,001 to 5,000; 5,001 to 25,000; 25,001 to 75,000; More than 75,000.
  • 31. Arxan and IBM End-to-End Mobile and IoT Security Solution Enterprise Applications and Cloud Services Identity, Fraud, and Data Protection Device Security Content Security Application Security Identity & Access Provision, manage and secure Corporate and BYOD devices Secure enterprise content sharing and segregate enterprise and personal data Develop secure, vulnerability free, hardened and risk aware applications Secure access and transactions for customers, partners and employees Security Intelligence A unified architecture for integrating mobile security information and event management (SIEM), log management, anomaly detection, and configuration and vulnerability management IBM QRadar Security Intelligence Platform IBM MobileFirst Protect (MaaS360) IBM Security AppScan, Arxan Application Protection, IBM Trusteer Mobile SDK IBM Security Access Manager for Mobile, IBM Trusteer Pinpoint Security Intelligence Content Security Application Security Identity & Access Device Security DATA Personal and Consumer Enterprise © Copyright IBM Corporation 2016. All rights reserved.
  • 32. Resources to learn more • Link to study: 2017 State of Mobile & IoT Application Security • Related blog: Is IoT Security a Ticking Time Bomb? • Learn more about the IBM Security & Arxan Technologies partnership
  • 33. Q&A. Ponemon Institute: Toll Free: 800.887.3118; Michigan HQ: 2308 US 31 N., Traverse City, MI 49686 USA; research@ponemon.org. Neil K. Jones: nkjones@us.ibm.com. Mandeep Khera: mkhera@arxan.com
  • 34. Caveats: There are inherent limitations to survey research that need to be carefully considered before drawing inferences from findings. The following items are specific limitations that are germane to most web-based surveys. • Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of individuals, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the instrument. • Sampling-frame bias: The accuracy is based on contact information and the degree to which the list is representative of individuals who are involved in mobile and IoT application security in their organizations. We also acknowledge that the results may be biased by external events such as media coverage. Finally, because we used a Web-based collection method, it is possible that non-Web responses by mailed survey or telephone call would result in a different pattern of findings. • Self-reported results: The quality of survey research is based on the integrity of confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not provide a truthful response.