The cybersecurity landscape is evolving at a fast pace. Hackers constantly refine their attack techniques while security vendors push their technologies forward to keep warding off threats efficiently. Over the last couple of years, mobile security has become a major topic for security teams, as nearly all workforces now use mobile devices for work purposes. According to our team, here is what should be expected in 2020.
Breaches will thrive beyond the company perimeter
Mobility has removed the borders of companies’ premises. As it is increasingly handled on personal, unmanaged mobile devices that belong to clients, collaborators, partners, etc., corporate data is spreading into the wild. This new exposure will lead hackers to steal companies’ data through personal mobile devices. As a result, security teams will look for solutions that ensure the safety of their data when it is handled on these unmanaged devices.
Personal information will be abused
Although authorities have enacted new regulations to protect personal data, their enforcement seems to be taking longer than expected. Many companies are struggling to map data flows and are often unaware of data exfiltration. Today, the price of personal data such as banking details, social security numbers, credentials, etc. is reaching new heights, encouraging ill-intentioned people to steal it. Mobile applications are trusted with personal information, putting them in a prime position to exfiltrate data from their users. Apps embedding this kind of leaky behavior are considered riskware, and until now app stores haven’t developed capabilities to detect them. Consequently, personal data leakage will rise.
Phishing will be more impactful
We all know about phishing campaigns that come from an inconsistent email address and ask the recipient to pay a bill or open an awkwardly named file. Well, that was before. Phishing now takes a more sophisticated approach to optimize its chances of success. In 2020, we should expect a rise in spear phishing, a subset of the scam that is targeted at a specific individual, organization or business. Phishing attempts will use better stories, spoof trusted email addresses and keep leveraging mobile vectors such as messaging apps to deceive their targets.
Mobile payments will become more controlled
The Payment Service Directive 2, initially planned to be enforced by the European Commission in 2019, was postponed to 2022 to give companies more time to prepare. While many banks had already taken steps to comply with the upcoming regulation, authorities decided on this postponement because other industries were taking more time than expected to implement the requested security measures. As a consequence, in the next 2 years we’ll observe new cybersecurity features being implemented by all organizations providing payment services (retail, banks, aggregators…) in their web and mobile services.
Advanced Persistent Threats will exploit mobile
Advanced Persistent Threats (APTs) are attacks that take months and sometimes even years to carry out. They precisely target an organization and use a variety of means to access its information system while remaining undetected. APT perpetrators’ plan of attack includes mapping data to determine where the valuable information is most accessible. Mobile devices and applications are a target of choice, as they handle sensitive corporate and personal data while still having too little protection. In 2020, APTs will most definitely make enterprise mobility part of their plans.