San Francisco, California – May 6, 2021 – Lookout, Inc., an integrated endpoint-to-cloud security company, released a report showing that mobile phishing exposure doubled among financial services in 2020 despite a significant increase in mobile device management (MDM) deployment. The Lookout Financial Services Threat Report also uncovered a surge in exposure to malicious and risky applications among the industry’s employees and customers.
Between 2019 and 2020, Lookout data shows that financial services and insurance organizations experienced the following
- Exposure to significant risks despite MDM: Despite a 50 percent increase in MDM adoption, average quarterly exposure to phishing rose by 125 percent and malware and app risk exposure increased by over 400 percent.
- Credential stealing phishing attacks are still a major problem: Almost 50 percent of phishing attempts tried to steal corporate login credentials.
- Mobile applications are a security gap: Nearly 20 percent of mobile banking customers had a trojanized app on their device when trying to sign into their personal mobile banking account.
- Lookout found that 21 percent of iOS devices and 32 percent of Android devices were exposed to more than 390 iOS and 1,060 Android vulnerabilities because they were running iOS 13 or earlier and Android 10 or earlier. A delay in users updating their mobile devices creates a window of opportunity for a threat actor to gain access to an organization’s infrastructure and steal data.
The Lookout report also highlights how cyberattackers are deliberately targeting phones, tablets and Chromebooks to increase their odds of finding a vulnerable entry point. A single successful phishing or mobile ransomware attack can give attackers access to proprietary market research, client financials, investment strategies and cash or other liquid assets. These attacks can take the form of mobile phishing, apps containing malware, exploits of app or device vulnerabilities, and using risky networks outside of the traditional office perimeter.
“These findings demonstrate that regardless of whether a device is managed or unmanaged, attackers have equal success in deploying phishing campaigns,” said Gert-Jan Schenk, Chief Revenue Officer, Lookout. “In addition, phishing can be particularly difficult to detect on a mobile device. We inherently trust these devices, which makes us vulnerable to social engineering attacks. Protecting modern endpoints requires a different approach – one that is built from the ground up for mobile and can continuously secure an organizations’ data from endpoint to the cloud.
The report’s findings are sourced from the Lookout Security Graph, which contains behavioral analysis of telemetry data from nearly 215 million mobile devices, 269 million apps and analyzes more than four million new URLs every day. The data analyzed for this report are specific to financial services and insurance organizations.
Download the Lookout Financial Services Threat Report here.