While security teams focus on patching operating systems and web browsers, vulnerabilities in those two types of software typically account for a small amount of publicly disclosed vulnerabilities.
Most vulnerabilities exist in applications, pointing to a need to assess and patch those with greater frequency.
“Increasingly, we are finding that companies are missing vulnerabilities in their environments because they have no visibility, controls or security for apps. Employees are finding and downloading all manner of third-party enterprise applications to make their jobs easier.
“File sync and sharing apps in particular are extremely popular and allow employees to store vast amounts of company information in the cloud. Other commonly used applications include instant messaging tools. Of course, these come with the risk of exposure of critical and confidential business information,” warns Richard Broeke, an IT security specialist at Securicom.
Aside from the potential risk of exposure, there is the risk of malware to consider. Malicious unmanned applications downloaded onto desktops and devices can expose the entire network to security issues. However, apps can improve productivity and work efficiencies. So, the answer, believes Broeke, is not to put a blanket ban on employees using all of them.
Instead, users should be allowed to access approved enterprise apps and companies must have a clear policy on their usage to avoid unmanned and possibly unsafe tools entering the business.
To prevent employees from using a diversity of apps which all do the same thing, companies can implement policies and technologies which allow certain ones while blocking other tools. This limits the number of unmanned applications at play in the organisation.
“Measures can be put in place to identify unsanctioned apps and enforce corporate policies regarding the use of cloud resources. Robust tools are available to monitor activity for anything unusual,” says Broeke, adding that with the right technologies, companies can make a selection of applications available to employees and these can be managed within the network environment.
He also stresses the importance of keeping apps updated to the latest versions. In 2016 Trends in Cybersecurity Microsoft reports that Adobe Flash Player objects were the most commonly detected type of object, appearing on more than 90% of malicious pages over a one year period. This points hackers moving away from Java to Adobe Flash Player for hosting malicious web content.
“It also highlights the importance of prioritizing the installation of updated to help protect against emerging threats. This goes for all applications,” says Broeke.
He concludes saying that by combining effective security products with a firm IT security policy, apps can be leveraged without exposing the network.