According to the researches, although there has been %50 of increase in the usage of mobile device management (MDM)in the last year, it is stated that when looking at past three months the Phishing Attacks towards to the mobile devices in the finance sector it’s %125 and exposure to the malware and apps risk has increased of more than fivefold.
As more users access cloud services and infrastructure from mobile devices today, they are deliberately targeting phones and tablets to increase the chances of attackers finding a vulnerable entry point. Even just one successful Phishing or mobile ransomware attack can have access to a companies datas that is in its all infrastructure. Accessing to the datas can be done in a various ways, however an attacker can find its own way with each of them to access your cloud infrastructure. Attacker can recreate the corporate sign-in page and can send a phishing attack message to the person who wants to sign in to its account. Attacker can use a malware that is able to hide in the background of the device and wait for the user to reach its sensitive corporate datas that are stored in the cloud apps or its infrastructure before taking any action.
In the report of Financial Services threat that is written by Schless;
• Approximately %50 of the reason of Phishing Attacks was to stole the corporate login id informations.
• Approximately %20 of the mobile bank customers had a malware in their devices while they were trying to login their personal mobile bank app.
• Seven months after the release of iOS 14 and Android 11, 21% of iOS devices were still running iOS 13 or earlier and 32% of Android devices were still running Android 9 or earlier.
It is necessary to be done more than manage mobile phones with MDM. As MDM provides management of the mobile devices that fundamental apps and access management policies run, it can not provide protection against phishing attack and app risks.
It should be installed without requiring any mobile security capabilities, additional software upload. Every corporate should have the zero trust approach as well and consider the mobile apps, devices and users as part of this strategy.
It became obligatory to integrate mobile devices into zero trust strategy because of the big portion of the labor still work remotely. It is detected in the researches made that mobile device users reach Office 365, Google Drive or Adobe such cloud services during phishing attacks. The attackers realized that mobile devices are as valuable as desktop computers for reaching data and critical apps.