Despite the increased use of mobile device management (MDM), mobile phishing among financial services was at an all-time high last year. A report conducted by endpoint security expert, Lookout, revealed a 125% increase in exposure to considerable risk in both financial services and insurance organisations. The financial report also uncovered that the risk exposure to malware and risky applications increased by over 400%, leaving employees and customers in this industry vulnerable to a breach.
Phishing attacks continue to be a substantial issue within financial industries, with threat actors continuously attempting to steal confidential information. As a matter of fact, Lookout’s report highlighted that the number of attackers seeking to exfiltrate corporate login credentials from mobile applications, is just under 50%. More worryingly, 20% of customers who use mobile banking have application Trojans installed on their devices when attempting to enter their login details, creating a significant security gap that puts individuals and corporations at risk.
Another finding in the report details the dangers behind the failure to update applications on time. Indeed, 21% of iOS devices evaluated were found to be exposed to more than 390 vulnerabilities, while almost a third (32%) of Android devices were potentially subject to 1,060 vulnerabilities, solely for not running on the newest released updates. Devices that aren’t fully up-to-date provide threat actors with an opportune moment to exploit a security gap, access an organisation’s server and steal sensitive data. With the increased use of personal devices for business purposes, attackers are specifically targeting phones, tablets and Chrome-books to widen the attack surface in hopes to find a vulnerable entry point. It’s important to remember that large-scale attacks often start with a simple phishing link that can lead to data theft and give unauthorised users access to confidential company information.
Finally, Lookout’s Chief Revenue Officer, Gert-Jan Schenk states: “In addition, phishing can be particularly difficult to detect on a mobile device. We inherently trust these devices, which makes us vulnerable to social engineering attacks. Protecting modern endpoints requires a different approach – one that is built from the ground up for mobile and can continuously secure an organisations’ data from endpoint to the cloud.”
