While preparedness remains one of the most important facets of effective organizational cybersecurity, it can be difficult to plan for the year ahead with so many unknowns. To help you approach this new year, our CEO Clement SAAD shares his vision of 2024 mobile security trends and predictions.
“ In 2024, cybersecurity heads will have to balance the implacable unleashing of mobile usages and related attacks with the regulations aiming to govern and secure our digital world. This dual challenge will undoubltly impact every sector and business. ”
Clement Saad, CEO and Co-funder of Pradeo
Opening of the app stores
The Digital Markets Act (DMA) will require Apple and Google to allow mobile users to download applications from third-party stores beyond the traditional App Store and Google Play. The European regulation that aims to create competition for GAFAM companies, will go into effect march of 2024. On top of forcing Alphabet, Meta Platforms, Apple, Amazon.com, ByteDance and Microsoft to open up their platforms, the law will also have a dual impact on mobile security.
Increased Threat Surface
While threats are already present on the two major app stores, the newfound freedom for users to download applications from various sources heightens the risk of malicious downloads. Indeed, new app stores will provide many playgrounds to cybercriminals to trick users into downloading malicious or intrusive applications collecting enormous amounts of personal and sensitive data. From both a personal and professional standpoint, this further reinforces the need for a mobile protection solution that vets apps as well as the network and configuration context of the user’s device like Pradeo’s Mobile Threat Defense (MTD) service does.
Risks of counterfeit apps
The second impact of the opening to third-party stores is the increased risk for end-users to download clones or malicious replicas of legitimate applications. With worldwide internet traffic coming primarily from mobiles, most businesses but also public services rely on apps. The upcoming regulation leaves the door open to cybercriminals to spread their clones across stores in order to steal users’ credentials and data. This year, product owners and CISOs will have to prevent their apps from being jeopardized. This growing matter is to be tackled with a twofold strategy:
- Firstly, by using an anti-clone service to identify counterfeit apps and ensure that the application in use is indeed the official one.
- Secondly, by scrutinizing the web in search of illegitimate applications. To address this point, Pradeo plans to launch a subscription-based service to monitor clones and other security related information about applications across different sources (including the dark web).
Regulatory Impact on Mobile Apps
Digitalization brought in its wake a brand-new set of regulations and compliance frameworks to supervise the protection of users’ data. Ongoing and upcoming regulations, such as NIS2, DORA, etc. will enforce security measures implemented to protect users data manipulated through mobile applications. Notably NIS2 will hold mobile application providers accountable for flaws in their applications and any attacks facilitated through their apps.
More than ever, cybersecurity professionals will have to set up a chain of control to protect mobile applications from the design phase through to end-user interactions. Pradeo provides a full set of services to accompany apps’ providers in the securisation of their applications along the development lifecycle.
The OWASP MASVS (Mobile Application Security Verification Standard) draws the path toward application security compliance emphasing measures to be implemented with regards to the context of the app:
Artificial intelligence (AI) in cybersecurity
The commercialization of generative AI dominated the tech industry in 2023, so no trend list would be complete without looking at how it could affect organizations.
While attackers already use Large Language Models (LLMs) - such as ChatGPT - to create and improve phishing emails, reducing the likelihood of spelling and grammar mistakes, expanding into other languages, etc. In 2024, we can expext a further integration of generative AI into social engineering tactics, allowing attackers to impersonate high-level decision-makers and executives more convincingly.
However, generative AI is also to be considered as a powerful cybersecurity asset to gather intelligence and enable the emergence of insightful information. Considering both the versatility and the richness of the mobile environment, AI is key to defeating threats empowering the attacking technology as a fence.
As we navigate the intricate landscape of cybersecurity in 2024, organizations must remain vigilant and proactive in adopting advanced security measures. Pradeo continues to innovate and offer solutions to tackle emerging threats, ensuring a resilient defense against evolving mobile cyber risks.
