Video: 10 Minute IT Jams - An update from Appdome with Jan Sysmans
Mobile applications are now at the heart of consumer-brand engagement. As these digital channels become more prominent, so does the threat landscape surrounding them. Jan Sysmans, Mobile App Security Evangelist at Appdome, recently shed light on how businesses can respond to evolving cyber threats and why mobile app security can no longer be an afterthought.
Appdome provides a patented no-code mobile security and development platform, offering developers and cyber defence teams the means to secure Android and iOS apps in seconds. During our conversation, Sysmans explained, "We are the one-stop shop for mobile app defence at Appdome. Consumer brands have the ability to create a security model to protect their mobile apps against cyber threats, mobile fraud, mobile malware, and even cheating capabilities often targeting mobile games."
According to Sysmans, the platform fully integrates into existing DevOps workflows, allowing seamless adoption without disrupting established processes. "From a developer standpoint, all they see is an API call from their build system into Appdome. The required security model gets implemented without the developer having to make any changes to how they build their apps today," he said.
One of Appdome's unique features is offering proof of protection for each build – an 'artifact of proof', as Sysmans described it. He elaborated, "With each build on Appdome, we provide evidence to both the cyber team and the dev team that the required security model is indeed implemented." This approach, he argued, eliminates the often-contentious gap between developers and cyber security professionals. "Cyber teams now have the visibility and control over the security model, and the development team no longer has to provide pen tests or code scans to prove the protections are in place," Sysmans said.
But as easy as it is for brands to become complacent about mobile app security, recent trends show that they ignore it at their peril. Appdome's own research into consumer sentiment highlights just how important mobile channels have become, particularly in Asia-Pacific.
"Appdome surveys consumers globally on an annual basis on their expectations of mobile app security, and in APAC, 58% of consumers said they prefer mobile as their digital channel," Sysmans explained. He added, "In fact, mobile is four times as high as web as a preference. Consumers are clearly saying, 'We want to engage with brands using mobile apps.'"
He maintained that brands need to align their cyber investments with where customers — and revenue — reside. "If a brand is spending all its cyber investments on the traditional network edge, they are missing out. They are no longer cyber-resilient because they are not investing where their customers and revenues are." Sysmans stressed, "To be fully cyber-resilient, brands need to put their security investments where their customers are, and that is overwhelmingly mobile these days."
The rise of mobile app usage, however, also brings the spectre of automation-driven attacks. Sysmans referred to the rapidly evolving "exploit economy", where malicious actors innovate ceaselessly to bypass legacy security. "The exploit economy is all based on automation, finding ways to trick users into granting permissions to malware," he said. "They need only a very low success rate to fund malicious activities, and they are continuously innovating."
He offered a real-world illustration to highlight the issue. "Say you have a friend trying to buy a concert ticket — she can make maybe one purchase attempt per second, if she's very quick with her fingers. A malicious person can write a bot to do 10,000 transactions per second, snap up the tickets, and then resell them at many times the price," Sysmans said. "The same bot technology can be used to break into bank accounts with thousands of attempts per second using credentials found on the dark web, potentially leading to account takeover before anyone notices."
According to Sysmans, traditional cyber protections are now insufficient. "If you are looking at protecting the network edge, those old defences simply don't keep up with what attackers are using today," he noted. The solution, he suggested, lies in agility and proactive defence. "Brands need to identify these new threats quickly, and update their security models at pace, without burdening developers with continuous security work."
So how does Appdome itself stay ahead of the curve? Sysmans was candid about their multi-layered approach. "We have a security research team whose job it is to be on the lookout for new threats. They live where the malicious people live — on the dark web, in Telegram groups — and learn about new exploits," he said. This intelligence is then tested and acted upon by Appdome's engineering team. "If we don't actively protect against a new threat, we update how Appdome builds protections so that the next time our customers build their security model, they get those updated defences automatically," he explained.
A cornerstone of their strategy is a highly flexible, modular architecture backed by artificial intelligence. "It's based on a microservice architecture at the back end, and the platform's AI engine selects the appropriate code base to implement defences according to the toggles set by the customer," Sysmans said. For customers, that means protections are updated behind the scenes. "If someone comes up with a new jailbreak tool, a new rooting technique, or a bot attack, users subscribed to those protections get the latest updates the next time they build — all included in their service contract."
Sysmans was eager to emphasise Appdome's open approach to collaboration and knowledge sharing. "We have a very extensive knowledge base where people can go to find out more about specific threats and services," he said. With teams based across Asia Pacific, Appdome offers support to brands seeking to fortify their digital channels.
As mobile attacks become more sophisticated and frequent, the message from Sysmans was clear — agility, visibility, and prioritising the key digital frontiers are essential for any brand serious about cyber resilience. "The key thing for brands is to be able to identify these new threats very quickly and update their security model in a rapid, agile way — all without putting the onus on the developers," he said. "That's how you protect your consumers from large-scale attacks before they have a chance to do real harm."