Strava App Security Flap: It Could Happen to You

Strava, a fitness tracking app that posts maps of users’ activity, has been in the news this week after unwittingly revealing the outlines of U.S. military bases and troop activity around the world, forcing the U.S. military to adjust its policy for wearable and mobile devices.

Strava is the latest example of a now global issue: poorly designed apps or apps with weak security can provide a backdoor for attackers to gain entry into an organization’s corporate network or share sensitive data not meant for public consumption.

If you’re an IT manager, this scenario should send chills up your spine. It makes IT’s role in defending against cyberattacks more difficult than ever.

The challenge intensifies when IT departments are forced to tackle employees’ lackadaisical attitudes toward security and their failure to take precautionary steps against attacks, according to the latest results from the A10 Networks Application Intelligence Report (AIR).

This global survey revealed that employees often unknowingly weaken cybersecurity by using unsanctioned apps, like the recent incident with Strava.

For example, according to A10 AIR:

  • 48 percent of IT leaders say employees just don’t care about following security practices
  • 30 percent of employees surveyed knowingly use apps their companies forbid
  • 36 percent of employees say their IT department doesn’t have the right to tell them what apps they can’t use
  • 51 percent of employees who use unsanctioned apps at work do so because “everybody does it”
  • 33 percent of employees say they use unsanctioned apps because their employer doesn’t give them the right apps to get the job done
  • 37 percent of employees don’t know what a DDoS attack is or are unaware of how they could unknowingly become victimized

The bottom line is, it’s hard to protect someone who isn’t familiar with the warning signs associated with attacks – or willing to learn about them.

With often poor understanding of corporate security policies, this behavior increases the risks that come with a growing reliance on disparate and app-dependent workforces, especially when one third of employees surveyed knowingly use apps their companies forbid.

What is A10 AIR?

The intent of A10 Networks in commissioning the AIR research is to explore the interaction of employees with applications and the growing security implications that result personally and for businesses and their IT organizations. Earlier this year, AIR examined the rise in use of apps in our “blended lives,” blurring lines between work and personal business through use of apps at home and in the office.

AIR was commissioned by A10 Networks and conducted independently by strategic research firm Provoke Insights. It involves more than 2,000 business and IT professionals with the intent to provide education for organizations and their IT departments that can help them reassess corporate policies and ultimately protect their businesses – and their applications – by simply becoming more aware of the behavior of their employees.

The research was conducted in 10 countries, representing some of the world’s largest economies and fastest growing populations of technology adopters: Brazil, China, France, Germany, India, Japan, Singapore, South Korea, the United Kingdom and the United States.

Learn more and see more data in our free ebook.

Add new comment