Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

A look ahead to mobile security in 2021

By Mike Fong
smartphone1-900px.jpg
January 5, 2021

As organizations continue to adapt to life in the age of COVID-19, smartphones are set to take on additional responsibilities – even as the security limitations of these devices become ever more evident. Below, I’ve highlighted five key trends that are set to shape mobile security in 2021.

 

Trend 1: Continuous authentication via smartphone will emerge as a viable option.

For many organizations, the push to remote work in response to the pandemic added greater urgency to their plans to implement a zero-trust cybersecurity posture, of which digital identity is an important piece. But solving the identity piece at scale involves tradeoffs. Solutions that leverage users’ smartphones are relatively easy to roll out, but one-time passwords delivered via authenticator apps or SMS messages have shown themselves to be easy prey for hackers. Security keys and biometric readers offer more robust security but are generally more expensive and can be a pain for IT staff and users alike.

For these reasons, I believe we’ll see a greater push for continuous multifactor authentication (CMFA) via smartphones. CMFA involves validating in real time that a user is who they say they are, using a number of different behavioral and identity traits to determine access to enterprise systems. As such, CMFA promises to provide strong identity assurance while remaining largely invisible to users. Though this concept is still in its early stages of maturity, with much of the work focusing on the public sector, I expect that to change in 2021 and beyond.

 

Trend 2: Smartphones will be relied upon heavily for COVID-19 compliance.

It’s fair to say that contract tracing via smartphone has largely been a flop. There are several reasons for this, not the least of which is a lack of buy-in from a critical mass of the general population. Such efforts also create false positives resulting from not just location inaccuracies but from the inability to take into consideration real-world conditions like the presence of physical barriers between individuals.

But in an office environment, some of these issues can be mitigated, as companies have greater visibility and control of the environment and can mandate buy-in from employees. The accounting and finance firm PwC rolled out such a system for one of its workplaces to make sure that employees didn’t get too close to one another while on company property.

Beyond tracking distance, smartphones can serve as hubs for employees’ health passes, with vaccine status, recent COVID-19 test results and even self-reported symptom checks used to clear employees before allowing entry into their places of work. Besides minimizing company liability and sick days, such systems will enable organizations to lure remote workers back into the office. For these reasons, I expect smartphones to be used heavily for COVID-19 compliance in 2021.

 

Trend 3: The smartphones of those in the national security community will be heavily targeted.

Between the 2014 cyberattack of the US Office of Personnel Management and the more recent SolarWinds hack, it’s clear that our biggest adversaries have an interest in learning as much as they can about our national security apparatus and the people in it. With a new presidential administration in 2021, foreign nation-states will no doubt be looking for as much intel as possible in order to figure out how to play their hands.

Because smartphones serve as digital witnesses to users’ locations, conversations and other highly personal information, it follows that our adversaries will heavily target smartphones at many levels of government. We know, based on China’s likely involvement in a massive smartphone spying program targeting Uyghur Muslims within the Chinese state of Xinjiang, that the country is more than capable of finding rare zero-day smartphone vulnerabilities and then weaponizing them at scale. I wouldn’t be surprised to see such a campaign targeting the national security community in the coming months.

 

Trend 4: Threat actors will use deepfake voice in vishing attempts targeting remote workers.

The massive work-from-anywhere push of 2020 was a field day for threat actors, who took advantage of operating environments beset by security shortcuts, organizational confusion and worker distraction to launch social engineering attacks against employees. One such attack type, vishing (voice phishing), gained prominence in the now-infamous Twitter hack in July, when hackers posing as IT staff called up customer service reps and tricked some of them into giving up access to an important internal tool. Vishing has subsequently been used to target dozens of companies, including banks, cryptocurrency exchanges and web hosting firms.

For 2021, I see this trend not just ramping up but getting more sophisticated, specifically with threat actors using deepfake voice – synthetic voice created using machine learning – to fool targets in real time. This technique was apparently used in 2019, when a scammer posing as the chief executive of a parent company successfully convinced the CEO of a subsidiary company to send funds to a purported supplier. As the tools for creating deepfake voice get further democratized by the day, it’s only a matter of time before threat actors adopt this technique against remote workers, who by definition can’t easily walk down the hall to verify requests for funds, credentials or sensitive information.

 

Trend 5: There will be a renewed debate around smartphone security.

Apple’s iOS, which has long been considered the most secure of the major smartphone platforms, has started to show its cracks. In 2020 alone, we’ve seen at least two sets of iOS zero-day vulnerabilities that were used or believed to have been used in the wild, including one set of three bugs that allowed attackers to remotely compromise iPhones. We’ve also seen reduced bounties for most iOS exploits, indicating a glut of these types of bugs. And each major iOS release seems to be rockier than the last, likely due to a focus on delivering features at the expense of stability and security.

As we are set to pour even more of our lives into our smartphones in the year ahead, it’s worth asking if these devices are up to the task of keeping our information safe. I believe this is a debate that will come to the forefront in 2021.

Given the dominance of iOS and Android, and given the many failed attempts by upstart competitors to build secure smartphones, I believe that security innovation will necessarily have to work in tandem with the major players. Today, this means security keys and audio masking devices. Tomorrow, this may mean bifurcated sensing and compute capabilities. Whatever the case may be, the current trajectory of mobile security is due for a course correction.

KEYWORDS: authentication cyber security mobile security zero trust

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Mike fong

Mike Fong is Founder and CEO of Privoro.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Top Cybersecurity Leaders
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Security Leadership and Management
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Colorful laptop

Organizations Think They Know Who’s Visiting Their Sites. They Don’t.

Broken wet floor sign

Why Response Time Is Becoming the Missing Metric in Workplace Safety and Security

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • Strong Cybersecurity: The Critical Role of Lifecycle Management - Security Magazine

    Security in 2021: What lies ahead

    See More
  • SEC1219-cyber-Feat-slide1_900px

    Telehealth’s emergence and the keys to security in 2021

    See More
  • cyber

    83% of IT leaders look to outsource security to MSPs in 2021

    See More

Related Products

See More Products
  • Hospitality Security: Managing Security in Today's Hotel, Lodging, Entertainment, and Tourism Environment

  • Physical Layer Security in Wireless Communications

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing