Mobile security trends in the market now are following the widespread increase in mobile attacks on enterprises.
Nearly every organization surveyed by Check Point Software Technologies for its “Mobile Security Report 2021” faced mobile threats that used various attack vectors. Roughly half had at least one team member download a malicious mobile application.
Enterprises that have yet to address their mobile security needs are sure to turn their attention toward shoring up these resources soon, given the significant increase in mobile threats.
Mobile security today
Mobile security trends reflect the general trend toward increased enterprise adoption of mobile among enterprises. More organizations are taking a fresh look at mobile security as they implement bring your own device (BYOD) policies that allow employees to access sensitive company resources from their mobile devices. This is despite the rise in mobile-based cyber crimes.
Enterprise mobile adoption had been increasing for several years and accelerated during the COVID-19 pandemic, when workers needed to connect to work from home. In announcing Verizon’s Business Mobile Security Index 2021, chief revenue officer of Verizon Business, Sampath Sowmyanarayan, cautioned that this shift opened new opportunities for cybercriminals: “While businesses focused their efforts elsewhere, cybercriminals saw a wealth of new opportunities to strike. With the rise of the remote workforce and the spike in mobile device usage, the threat landscape changes, which for organizations, means there is a greater need to hone in on mobile security to protect themselves and those they serve,” he said.
The following mobile security trends reflect the efforts organizations worldwide are taking to better protect their networks in increasingly mobile environments:
5 mobile security trends
1. Mobile malware is on the rise
Check Point’s “Mobile Security Report 2021” lists a 15% increase in banking Trojan activity in 2020, threats that put mobile users’ banking credentials at risk. The company reports that threat actors have been using mobile remote access Trojans (MRATs), banking Trojans, and premium dialers often hidden within apps claiming to offer COVID-19-related information.
2. Continuous smartphone authentication is becoming more common
Authentication ensures that mobile users are who they say they are — that’s why so many organizations use authentication tools as part of their mobile security strategy. However, some authentication techniques like one-time passwords delivered via authenticator apps or SMS have emerged as easy targets for would-be hackers.
Some organizations are investing resources into biometrics and security key generation, but these approaches can be costly and difficult for IT staff to implement. Enter continuous multi-factor authentication (CMFA). CMFA validates users by constantly analyzing behavior and identity traits in the background. Industry analysts predict increased CMFA usage in 2021 and beyond. Valuates Reports estimates that the multi-factor authentication market will be valued at more than $30 billion by 2026, a compound annual growth rate (CAGR) of around 20%.
3. Organizations will use smartphones for COVID-19 compliance
While contact tracing by smartphone for the general public has mostly been a bust, smartphones may still have a role to play in beating back the pandemic.
In the office setting, organizations can use smartphones to track distance between employees, creating opportunities to accurately conduct contact tracing. Smartphones can also hold information like electronic health records, vaccine cards, and test results. Employers can also ask employees to check in on smartphone apps to report their health status each workday before they enter the building — a measure that may help to lure some remote workers back to the office.
4. Mobile phishing is becoming more sophisticated
Attackers are using mobile phishing tactics like SIM jacking to breach enterprise networks. During these attacks, Vice reports, bad actors research victims’ social media feeds or con them into divulging enough personal information to pose as them when contacting mobile network providers. Once they convince network providers to transfer their numbers to new SIM cards, they can intercept two-factor authentication codes, access email, social media, and mobile banking sign-ins.
Cybercriminals are also deploying malware hidden within apps through reputable app stores. Forbes reports that more than 100 million Android users unknowingly downloaded malware. Once installed, cybercriminals can gain access to enough personal information to easily steal the identity of users.
5. Privacy issues will increasingly impact enterprise mobile security options.
Central to the challenge of employing a mobile-friendly workforce is the issue of privacy. Organizations are tasked with complying with multiple regulatory bodies when it comes to protecting personal data, including data belonging to their employees.
As employers develop policies around mobile usage, they will increasingly consider approaches like containerization, which uses a mobile desktop approach that keeps employee and employer data separate when personal devices are being used.