Cybercriminals are using every means available to reach their victims. According to Verizon’s latest data, attacks on mobile devices are increasing while security efforts fall behind.
When Verizon says jump, Security professionals had better say “how high”. And, in 2019, a focus on mobile is critical. According to Verizon’s recent Mobile Security Index 2019 report, 51% of “sophisticated actors” are targeting both mobile devices and desktops, putting more entry points at risk.
It appears that this tactic is working; the percentage of organizations confirming a mobile device introduced unnecessary risk or was involved in a data breach in 2018 rose to 33 percent in 2018; a 22% increase from the previous year. This has 83% of organizations concerned about mobile threats, and the need to deploy stronger mobile security.
According to the report:
- 85% said mobile device security needs to be taken more seriously
- 67% said mobile security isn’t on par with other devices
- 46% of those organizations that sacrificed security admitted to suffering a compromise
So, what tactics are working on mobile?
It turns out, much the same as on traditional endpoints. According to the report, malware and phishing top the list of threat tactics used on mobile.
Source: Verizon
What makes this data interesting is that Phishing is marked as being a “user behavior-based” tactic, but malware is “app based”. Malware doesn’t get on a device on its own; social engineering is used to trick device users into clicking links, installing apps, and engaging in an attackers campaign. This puts the top three (as ransomware equally fits the mold) as needing to involve the user to be impactful.
An organization’s greatest asset in this case is to employ Security Awareness Training as a means to inform users on the tactics used, how to spot them, and how to avoid becoming a victim – lowering the risk the mobile device presents to the organization.
