Over half of employees fall for mobile phishing scams
A new report shows that security leaders have false confidence in their capabilities and employees when it comes to mobile security. While 96 percent are confident their employees can spot a phishing attempt, 58 percent have reported incidents where employees fell victim to executive impersonation scams via text message.
The study from Lookout, of more than 700 security leaders globally, underscores a critical need for organizations to rethink their cybersecurity strategies, particularly around the human-risk factors for social-engineering attacks.
Among other findings of the report, 50 percent of respondents say they are very concerned about mobile phishing attacks -- but with 77 percent having experienced an attack (or multiple attacks) over the last six months, and 74 percent often being alerted of suspicious mobile phishing messages, that number should be higher.
What’s more, 43 percent are very concerned about social engineering attacks but only 48 percent see all attempts. 51 percent admit to having inconsistent visibility of social engineering attempts, creating massive security blind spots.
While 68 percent have provided cybersecurity training and 28 percent plan to provide training over the next six months, lack of training is the top reason why respondents think employees would most likely click a suspicious link. This is likely because the evolution of threats moves too fast for companies to keep up with training.
"Today's threat actors are increasingly sophisticated, and they understand that mobile endpoints have historically been an afterthought in many enterprise security strategies," says Jim Dolce, CEO of Lookout. "This survey clearly demonstrates that this oversight is creating a dangerous vulnerability. Attackers are aggressively targeting employees on their iOS and Android devices, using highly effective social engineering tactics delivered via SMS, voice, and messaging apps to compromise credentials and gain quiet access to enterprise data."
To address these threats Lookout emphasizes the need for a multi-faceted approach to secure ‘front line’ employees and their mobile devices. This includes implementing an AI-first social engineering and human risk solution, integrating Mobile Endpoint Detection and Response (EDR), and ongoing security awareness training.
You can get the full report here.
Image credit: Techa Tungateja/Dreamstime.com