Lookout, Inc. released a report showing that mobile phishing exposure doubled among financial services and insurance organizations between 2019 and 2020. The Lookout Financial Services Threat Report illustrates that these organizations were not immune to mobile phishing despite an increased adoption of mobile device management (MDM).
 
Between 2019 and 2020, Lookout data shows that financial services and insurance organizations experienced the following:
  • 125% increase in average quarterly exposure to mobile phishing attacks.
  • 400% increase in average quarterly exposure to malicious and risky applications.
  • 50% increase in mobile device management (MDM) adoption.
  • Almost 50% of phishing attempts tried to steal corporate login credentials.
  • Nearly 20% of mobile banking customers had a trojanized app on their device when trying to sign into their personal mobile banking account.
 
Lookout also found that seven months after the release of iOS 14 and Android 11, 21 percent of iOS devices were still on iOS 13 or earlier, and 32% of Android devices were still on Android 9 or earlier. A delay in users updating their mobile device’s operating system creates a vulnerability window during which a threat actor could use it to gain access to their organization’s infrastructure and steal data.
 
The Lookout report also highlights how cyberattackers are deliberately targeting phones, tablets and Chromebooks to increase their odds of finding a vulnerable entry point. A single successful phishing or mobile ransomware attack can give attackers access to proprietary market research, client financials, investment strategies and cash or other liquid assets. These attacks can take the form of mobile phishing, apps containing malware, exploits of app or device vulnerabilities, and using risky networks outside of the traditional office perimeter.
 
“The financial services industry is often ahead of the curve when it comes to deploying new measures to prevent breaches,” said Gert-Jan Schenk, Chief Revenue Officer, Lookout. “It’s not surprising that they increased their use of MDM to support remote work. While managing a device is an excellent first step to mitigating mobile risk, MDM solutions simply aren’t built with phishing protection in mind and can’t protect against this massive threat to the enterprise.”
 
The report’s findings are sourced from the Lookout Security Graph, which contains behavioral analysis of telemetry data from nearly 200 million mobile devices, more than 140 million apps and analyzes more than four million new URLs every day. The data analyzed for this report are specific to financial services and insurance organizations.