Mobile Devices Rise as a Top Attack Vector for Cybercriminals; Malware and Phishing Remain Primary Concerns



Cybercriminals are using every means available to reach their victims. According to Verizon’s latest data, attacks on mobile devices are increasing while security efforts fall behind.

When Verizon says jump, Security professionals had better say “how high”. And, in 2019, a focus on mobile is critical. According to Verizon’s recent Mobile Security Index 2019 report, 51% of “sophisticated actors” are targeting both mobile devices and desktops, putting more entry points at risk.

It appears that this tactic is working; the percentage of organizations confirming a mobile device introduced unnecessary risk or was involved in a data breach in 2018 rose to 33 percent in 2018; a 22% increase from the previous year. This has 83% of organizations concerned about mobile threats, and the need to deploy stronger mobile security.

According to the report:

  • 85% said mobile device security needs to be taken more seriously
  • 67% said mobile security isn’t on par with other devices
  • 46% of those organizations that sacrificed security admitted to suffering a compromise

So, what tactics are working on mobile?

It turns out, much the same as on traditional endpoints. According to the report, malware and phishing top the list of threat tactics used on mobile.

 

malware

Source: Verizon

What makes this data interesting is that Phishing is marked as being a “user behavior-based” tactic, but malware is “app based”. Malware doesn’t get on a device on its own; social engineering is used to trick device users into clicking links, installing apps, and engaging in an attackers campaign. This puts the top three (as ransomware equally fits the mold) as needing to involve the user to be impactful.

An organization’s greatest asset in this case is to employ Security Awareness Training as a means to inform users on the tactics used, how to spot them, and how to avoid becoming a victim – lowering the risk the mobile device presents to the organization.


Request A Demo: Security Awareness Training

products-KB4SAT6-2-1New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!

Request a Demo!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/kmsat-security-awareness-training-demo

Topics: Phishing



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews