Keeping Online Shopping Safe
Mobile commerce accounted for 23 percent of the money spent on online U.S. retail shopping (retail e-commerce) in Q3 2017, up from 16 percent in the same quarter of 2015. Look no further than the struggling local mall for evidence of how much consumers love to shop online. It’s no fluke that Amazon’s Jeff Bezos is the world’s wealthiest individual.
Retailers are catering to their customers with online apps, websites and omnichannel marketing. Online ads and social campaigns have their own benefits and drawbacks, including fraud and impersonation, but the real security risk lies in branded apps. No matter how securely your apps are built, the cyber hygiene of your end users’ mobile devices is out of your control. Users are notoriously lax about cyber hygiene, and may be even more so when it comes to everyday purchases (compared to fintech or healthcare transactions).
Why is it so challenging to secure retail mobile apps?
Mobile device management solutions (MDM, EMM) are device-centric and so cannot provide any control over the devices belonging to end-users of an m-commerce app. Those unmanaged endpoints run the app’s executable code, and that code can be accessed and altered by a compromised operating system. The executable code for web applications and services resides primarily on enterprise systems, and can be protected and monitored accordingly. Mobile app code resides primarily on the mobile device itself.
Without a solution like HackGuard, the executable code of mobile apps cannot be monitored, protected, or remediated. There’s a rule of thumb for public-facing apps that might surprise any retailer new to the app publishing business. Let’s call it the 200 Rule: The typical organization with 1000 employees can assume they have around 200,000 public app users. That’s 200,000-plus smartphones, tablets, and notebooks over which you have no control. (And given the capriciousness of retail trends and consumer crazes, those numbers could surge unpredictably.)Until you have detailed information about the health of the environments your app is operating in, your attack surface is expansive and your security team is blind.
Of course clean, secure-by-design app development is important. The good news is, that part is under our control and developers keep up with security requirements. Even when the developer has done everything right, the app can still be vulnerable. There are approximately 3000 open vulnerabilities in Android and iOS. As we know, any security that depends on users’ cyber hygiene and patching practices is bound to fail. Moreover, it’s all too easy for hackers to reverse engineer apps. The same goes for malware development — hackers can even buy exploit kits on the Internet.
Mobile antivirus is incapable of even accessing an app’s executable code. AppVision researchers have white hat hacked widely used retail apps in order to further analyze the dynamics of mobile app security environments. They observed that none of the tested antivirus products generated alerts or warnings, having failed to detect the compromise to the app’s executable code. HackGuard was consistently successful in detecting and responding to these same attacks.
How can HackGuard help retailers protect their business and their customers?
No matter where they wander in the world, your mobile apps can be made hack-proof with HackGuard technology and professional services. With an app-centric focus, this SaaS solution is purpose-built, affordable and easily implemented by any type of retail brand (including entertainment, dining, and hospitality brands) that provides mobile apps for its customers.
HackGuard is an Endpoint Detection and Response (EDR) solution designed specifically to protect mobile app executable code and provide deep discovery of an app’s operating environment. It is threat-vector agnostic, meaning it can protect against all types of attacks, including Zero Days.
Think of HackGuard as a guardian angel, lightly sitting on the shoulder of your mobile app, keeping it safe wherever it may wander. With HackGuard, you can deploy comprehensive protection in just minutes, and begin detecting attacks immediately.
HackGuard is mobile app security that works all of the time, on every device, and against all kinds of attacks. When your brand is on the line and your customers are ready to click the buy button, make sure HackGuard keeps your app safe for shopping on the go.