Financial Firms Face Threats from Employee Mobile Devices

  /     /     /  
Publicated : 23/11/2024   Category : security


Financial Firms Face Threats from Employee Mobile Devices


A new report says that phishing and man-in-the-middle attacks are major risks to financial institutions - via mobile devices in the hands of their employees.



Financial services is a highly regulated industry, but that doesnt mean its immune to cybersecurity woes. According to a new report, financial services organizations experience higher rates of phishing and man-in-the-middle (MiTM) attacks via mobile devices than other industries, and technology trends are making the issues even more complex.
The financial services mobile security report, published by Wandera, draws on data from 4.7 million events across 225 financial services customers. Wandera compares incidents such as phishing attacks (57% of organizations in financial services have seen these, compared to 42% across all industries) and MiTM attacks (36% in financial services compared to 24% all industries) involving mobile devices.
The specifics of the threats come in the context of rising overall threats. In the UK alone, the number of breaches in the financial services industry
increased by 480%
from 2017 through 2018.
One of the important findings in the
report
, according to Michael Covington, vice-president od product strategy at Wandera, is what is
not
a major issue: I think a lot of people, when they think of threats on mobile, they think of malware, and it just isnt there, he says. I think its largely because the mobile devices themselves are fairly well-built.
Instead of malware, criminals are using phishing attacks to gain access to financial services networks, but not just any attacks. Were seeing more targeted attacks within financial services instead of kind of the scattershot approach where you send out a phishing attack to everybody in the organization, he explains.
The success of phishing attacks on mobile devices in financial services may be part of a larger pattern of risky mobile behavior by those in the industry. According to the report, 42% of the organizations represented had devices with side-loaded apps — apps downloaded and installed from sites other than the app stores approved for the device. Covington says, You start to see the implications of letting employees manage their own device.
And those employees are managing their devices in tremendous numbers, he says. Employee-owned devices, used to conduct company business, are targets because of the sensitive data they contain.
Theres no doubt in my mind that the criminal side of the equation is after rich data, he says. And the availability of rich data goes beyond the data just on the mobile devices since their users have access to enterprise applications and databases. Thats also why phishing attacks are specifically on the rise within financial services organizations because its the credentials that the attacker can get, Covington says. Those provide them access to the data repositories in the cloud or in the data center.
Protecting your organization from employee mobile devices comes down to  better managing mobile devices. They need to be making sure that when a user logs into a service that it is indeed that user. And they need to look at the devices that those users are coming from, he says. Sometimes its going to matter to an organization if its a sanctioned device. Other times it wont.
Ultimately, though, it comes down to only giving verified and authorized users access to corporate resources from their mobile devices, and only if those devices are trustworthy, he says.
Related Content:
Smash-and-Grab Crime Threatens Enterprise Security
New WannaHydra Malware a Triple Threat to Android
10 Notable Security Acquisitions of 2019 (So Far)
Adware Hidden in Android Apps Downloaded More Than 440 Million Times
Commercial Spyware Uses WhatsApp Flaw to Infect Phones
 
Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the 
conference
 and 
to register.

Last News

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Financial Firms Face Threats from Employee Mobile Devices