Lookout has released a new report showing that mobile phishing exposure doubled among financial services in 2020 despite a significant increase in mobile device management (MDM) deployment. The report also uncovered a surge in exposure to malicious and risky applications among the industry’s employees and customers.
Between 2019 and 2020, Lookout data for financial services and insurance organisations showed that exposure to significant risks despite MDM increased by 125%, with malware and app risk exposure increasing by over 400%; that credential-stealing phishing attacks are still a major problem; and that mobile applications are a security gap, with nearly 20% of mobile banking customers having a trojanized app on their device when trying to sign into their personal mobile banking account.
In addition, the report found that 21% of iOS devices and 32% of Android devices were exposed to more than 390 iOS and 1,060 Android vulnerabilities because they were running iOS 13 or earlier and Android 10 or earlier. A delay in users updating their mobile devices creates a window of opportunity for a threat actor to gain access to an organisation’s infrastructure and steal data.
The Lookout report also highlights how cyber-attackers are deliberately targeting phones, tablets and Chromebooks to increase their odds of finding a vulnerable entry point. A single successful phishing or mobile ransomware attack can give attackers access to proprietary market research, client financials, investment strategies and cash or other liquid assets. These attacks can take the form of mobile phishing, apps containing malware, exploits of app or device vulnerabilities, and the use of risky networks outside of the traditional office perimeter.
“These findings demonstrate that regardless of whether a device is managed or unmanaged, attackers have equal success in deploying phishing campaigns,” said Gert-Jan Schenk, Chief Revenue Officer, Lookout. “In addition, phishing can be particularly difficult to detect on a mobile device. We inherently trust these devices, which makes us vulnerable to social engineering attacks. Protecting modern endpoints requires a different approach – one that is built from the ground up for mobile and can continuously secure an organisation’s data from endpoint to the cloud.”