To help organizations identify the next mobile threats they will face and stay a step ahead of them, the Pradeo team publishes its mobile security predictions every year.
« 2021 has been the year of spying scandals that raised awareness about mobile threats. And the topic is absolutely spot on, because from high-level government spying to the massive collection of individuals’ private information, preventing data exfiltration is the main challenge of mobile security. The more smartphones become part of our daily lives, the more valuable the data they collect becomes. After two years of spectacular increases in attacks, our indicators suggest that 2022 will follow the same trend. » Clément Saad, CEO and co-founder of Pradeo.
Expect a growing number of attacks targeting mobile devices
A recent survey led by Verizon showed that 40% of IT professionals think mobile devices are their company’s most significant IT security threat, and we surely agree with them.
Mobile devices represent a very enticing target due to both their capabilities and the information they contain. The last couple of years have completely blurred the lines between personal and professional use of mobile devices, and the growth of remote working will keep reinforcing this trend.
As a result, sensitive corporate data ends up being handled on devices whose security is endangered by personal activities: a high number of non-business applications downloaded, connections to unsafe networks, more phishing attempts… In this context, cybercriminals will increasingly exploit smartphones and tablets to gain an easy foothold in organizations’ information systems through their workforce.
We are not done with spyware
The disclosure of the extensive use of Pegasus to spy on high-profile individuals has made it concrete that mobile devices can be turned into fearsome spying weapons. But Pegasus was just the tip of the iceberg, and NSO is not the only company that provides such software. Now that awareness is growing and governments and businesses are starting to invest more time and money in fighting spyware, Pegasus lookalikes will be exposed.
In less critical contexts, collecting information about users to profile them is already much more common than one may think. We observed in 2021 that 65% of the mobile applications our threat detection engine analyzed were programmed to send users’ data over the network. Awareness of these practices will grow in 2022 in the wake of spyware.
Staying agile will be more important than ever
Cybersecurity teams are facing a growing flow of attacks targeting their information systems, clouds, computers, mobile devices, mobile applications... To ensure that security issues are considered on an ongoing basis, they must adapt their organization, processes, and tools.
When securing mobile devices, the key will be to rely on a Mobile Threat Defense service that automatically detects and responds to threats while integrating smoothly with surrounding EMM, SIEM, EDR and/or XDR solutions. This will lighten security teams’ workload, leaving them more time to focus on analytics and on refining their endpoint security strategy.
To secure mobile applications, choosing platforms that centralize a variety of mobile app security services, enable online collaboration, and smoothly integrate with development environments will be essential to a successful DevSecOps approach.
The Zero Trust model will become the reference for cybersecurity strategies
In 2022, more organizations will enact a Zero Trust cybersecurity strategy that will thoroughly cover their IT and mobile environments. As a targeted security approach establishes itself as key to reducing cyber risks, IT security professionals will actively look for platforms that unify the expertise and technologies of several cybersecurity experts, rather than relying on all-in-one solutions from a single vendor.
In that regard, the OPEN XDR Platform will enable security teams to use best-of-breed independent cybersecurity services unified in a single XDR interface, where they will all communicate to get the best out of each other (Cyber Threat Intelligence, Endpoint Detection and Response, Mobile Threat Defense, network protection…).
To combat cybercrime, AI will play an essential role
Mobile attacks are getting increasingly sophisticated on both iOS and Android systems. Pegasus, the amount of malware that bypassed Google Play security checks in 2021, and even the ingenuity behind the latest smishing trojans are clear illustrations of this. While cybercriminals keep renewing their techniques and tools to exploit mobile devices and applications, organizations can no longer rely on anti-virus and risk-scoring to protect their mobile assets.
Today, modern mobile security technologies use Artificial Intelligence to perform the work of hundreds of cybersecurity analysts, making autonomous day-to-day decisions and giving administrators the informed insight they need to make strategic choices.
This year and beyond, AI will be increasingly leveraged to not only thwart cyberthreats but also anticipate them by increasing knowledge and understanding. Through advanced combinations of cognitive and distributed algorithms, machine learning, neural networks and other tools provided by information technology, AI will prove it is the pillar of cyber defense.