The Perfect Storm – How Mobile Reliance Has Forced Financial Services Beyond Device Management

By   Hank Schless
Senior Manager, Security Solutions , Lookout | Jul 21, 2021 08:32 am PST

Tablets and smartphones have become a primary tool to manage work and life as digital transformation accelerated last year. This trend is especially evident in the finance sector, where both workers and customers have become dependent on mobile devices to do everything from shopping, playing bills and managing finances. Similarly, financial employees are using the very same devices to stay productive as they continue to work away from the office.

The increased usage of mobile devices in the financial sector means both organisations and customers are exposed to new risks. These devices now have as much access to corporate infrastructure as traditional endpoints and hold more sensitive financial information than ever. Therefore, it is no surprise that the financial sector was the most targeted industry in 2020 by cybercriminals. To ensure that they tap into the productivity that comes from mobility, financial organisations need to embrace modern security technologies and strategies to secure the mobile devices and apps their employees and customers use the most. 

The need for dedicated endpoint security solutions

In an attempt to secure their mobile devices, the financial industry increased their use of mobile device management (MDM) solutions by 50 percent during the pandemic. Despite these efforts, cyberattacks did not decrease during the same period. Phishing remained one of the most common forms of cyberattacks while malware exposure rose by over five times. These trends illustrate that financial services organisations need to think beyond MDM when it comes to securing their mobile devices and their corporate data. 

We’re more susceptible to phishing attacks

There’s a reason that we saw a 125 percent increase in the average quarterly mobile phishing exposure rate for financial organisations. With everyone working from home, or continuing to do so under a hybrid-work environment, security teams have lost the visibility they had inside their perimeter. It also doesn’t help that people are using personal mobile devices and using networks organisations don’t control. In addition, consumers are using mobile devices to access sensitive data without any security measures.

We put a lot of trust into our mobile devices. We use them for anything from keeping in touch with our family and friends to authenticating our work and personal accounts and managing postal deliveries. This makes users more susceptible to social engineering attacks. Cybercriminals are aware of this and will take advantage of the trust we have in these devices to trick us into installing malware more giving away our login credentials.

App risks are on the rise

The digital-first environment has also resulted in a rise in app risks and malware. There are two reasons for this: the rise in application vulnerabilities and the proliferation of of Malware as a service (MaaS).

Vulnerabilities are increasing as developers rely heavily on software development kits (SDKs) to quickly build apps. While useful, these SDKs may have vulnerabilities that eventually get added to dozens of apps. We also see the rise in MaaS, where threat actors sell ready-to-go malware to other threat actors making it really easy to launch a cyber campaign.

Remote work has created the perfect storm

As we continue to rely on tablets and smartphones, attackers will take advantage of them. Combined that with how inexpensive it is to launch malware campaigns now, the remote environment has created the perfect storm for threat actors.

MDM doesn’t give you the visibility to tackle mobile threats. It also doesn’t secure your data. To ensure your data, employees and customers are secure, you need integrated security that works from endpoint to cloud.