Shifts to a remote workforce in 2020 gave cybercriminals an opportunity to change tactics, focusing on credentialed access to systems accessed from outside government networks.
New data from mobile security vendor, Lookout highlights new problems arising from increased mobile use by government employees in their new U.S. Government Threat Report. The change to using a mobile device has implications on how security-aware employees are when accessing systems, applications, and data that may be cloud-based and not necessarily secured within a government-hardened network environment.
According to the report:
- In 2020, 71.5% of phishing attacks were focused on credential harvesting, a 67% increase over 2019
- In the same timeframe, only 28.5% of phishing attacks delivered malware, a decrease of 50% over 2019
The problem seems to be from the rise in use of personal devices. According to Lookout, 91% of mobile devices used by federal employees are unmanaged, and the exposure to mobile phishing attacks on unmanaged devices is nearly 8 times greater than managed devices! And with just under 72% of federal employees clicking on phishing links, the use of unmanaged mobile devices smells like trouble for the U.S. government and any other business that uses personal mobile devices.
Employees need to be taught via Security Awareness Training to keep their cyber defenses up, remaining vigilant when interacting with email and the web by being mindful that links and attachments can be malicious in nature.