Every now and then, Pradeo’s mobile security experts gather to discuss the upcoming challenges the mobility market will face. Last year, they had successfully foreseen an increase in the amount of breaches in the health and banking industries. Here are their main forecasts for the year to come.
Major data breaches will come from mobile applications
In the last semester of 2018, the Pradeo Lab’s mobile security report stated that 78% of mobile threats compromising mobile devices come from applications. Indeed, mobile apps are often exploited by cybercriminals to exfiltrate users’ data, through different techniques.
A mobile application can be inherently malicious by featuring a malware (keylogger, OTP interceptor, screenlogger, SMS trojan, ransomware, etc.) or it can be what is generally called “greyware” by featuring leaky and intrusive behaviors while not hosting any malware. This year, numerous applications have been the source of data breaches (Air Canada, Uber, MyFitness Pal…) and the trend will only amplify this year.
Mobile phishing attacks will considerably grow
Phishing attacks became last year the second most detected network threat on mobile devices, after unsecure WiFi. Operating in the same way as on computers, mobile phishing tricks mobile users into opening infected files, clicking on malicious links, or downloading malware from emails (sent from spoofed email addresses) or SMS (SMishing).
Phishing attacks are becoming more sophisticated, hence effective, and can simultaneously target a vast amount people at no cost. As a result, this type of attack will, unfortunately, keep growing.
Mobility will get more regulated and stricter
In a decade, mobility has taken over our world. And as it happens short after the creation of any new market, governments and authorities are starting to regulate it. The mobile ecosystem is composed of billions of devices and servers between which data are constantly transiting, making it hard to ensure privacy. In the last years, new regulations (GDPR, NDB…) have been enforced to urge organizations to secure their mobile framework and all the information it handles, holding them responsible in case of a breach.
In 2019, new general and industry-related laws (PSD2 for the banking industry in March) will be enacted to reinforce data privacy. Furthermore, regulators will probably widen existing privacy regulations’ field of application by submitting addendum dedicated to mobility. Broadly speaking, all usages of mobility will be more strictly overseen.
Takeover attempts on connected objects will increase
In 2018, there was about 7 billions connected IoT devices and this number is about to grow by 17% in the next 7 years. It is currently possible to control an entire house thanks to home automation as heaters, lights, door-locks or security cameras can be managed remotely from a mobile device through a dedicated mobile application.
In a recent study, the Pradeo Lab reviewed a representative sample of 100 IoT mobile applications (thermostat, electrical blinds, remote control, baby phone…) available on Google Play and App Store. The results showed that 15% of the audited applications were vulnerable to Man-In-The-Middle attacks potentially leading to a system takeover. As the number of connected objects is drastically growing, they will become a target for cybercriminals.
Artificial Intelligence will be a cybersecurity must-have
Cyberthreats are always renewing themselves, trying their best to overcome the security solutions facing them. Between January and August 2018, zero-day malwares grew by 92%. As they have no viral signature, zero-days remain impossible to be detected by standard or score-based solutions. However, organizations have a critical need to detect and prevent them.
Cybersecurity technologies rely on two fundamental capacities: the analysis of cyber threats and how to block them. Former cybersecurity solutions used to rely on large teams of researchers that would manually analyze threats to determine whether they would lead to an attack and how to counter them. Nowadays, Artificial Intelligence applies deep learning, machine learning and various other techniques to reproduce the accuracy of a human detection, automatically and on a large scale. Above all, it allows to foresee upcoming attacks and to define efficient countermeasures preventing them. As a matter of course, AI has become the key component of a reliable cybersecurity technology.
Take a look at our mobile security solutions: