Insurance staff targeted as cyber criminals seek access to firms

Insurers have been warned their staff are increasingly falling victim to phishing and malware, with half the attacks aimed at stealing corporate login credentials.

Cloud security experts Lookout released its Financial Services report, which found mobile phishing exposure doubled among financial services in 2020 despite a significant increase in mobile device management (MDM) deployment. The report also uncovered a surge in exposure to malicious and risky applications among the industry’s employees and customers.

Between 2019 and 2020, Lookout data shows that financial services and insurance organisations experienced a range of growing threats:

  • Exposure to significant risks despite MDM: Despite a 50 percent increase in MDM adoption, average quarterly exposure to phishing rose by 125 percent and malware and app risk exposure increased by over 400 percent.
  • Credential-stealing phishing attacks are still a major problem: Almost 50 percent of phishing attempts tried to steal corporate login credentials.
  • Mobile applications are a security gap: Nearly 20 percent of mobile banking customers had a trojanised app on their device when trying to sign into their personal mobile banking account.

Lookout found that 21 percent of iOS devices and 32 percent of Android devices were exposed to more than 390 iOS and 1,060 Android vulnerabilities because they were running iOS 13 or earlier and Android 10 or earlier. A delay in users updating their mobile devices creates a window of opportunity for a threat actor to gain access to an organisation’s infrastructure and steal data.

“These findings demonstrate that regardless of whether a device is managed or unmanaged, attackers have equal success in deploying phishing campaigns,” said Gert-Jan Schenk, Chief Revenue Officer, Lookout. “In addition, phishing can be particularly difficult to detect on a mobile device. We inherently trust these devices, which makes us vulnerable to social engineering attacks. Protecting modern endpoints requires a different approach – one that is built from the ground up for mobile and can continuously secure an organisation’s data from endpoint to the cloud.”

The Lookout report highlighted how cyber attackers are deliberately targeting phones, tablets and Chromebooks to increase their odds of finding a vulnerable entry point. A single successful phishing or mobile ransomware attack can give attackers access to proprietary market research, client financials, investment strategies and cash or other liquid assets. These attacks can take the form of mobile phishing, apps containing malware, exploits of app or device vulnerabilities, and the use of risky networks outside of the traditional office perimeter.

The report’s findings were sourced from the Lookout Security Graph, which contains behavioural analysis of telemetry data from nearly 200 million mobile devices and 140 million apps, and analyses more than four million new URLs every day. The data analysed for the report was specific to financial services and insurance organisations.
