MOBILE SECURITY BLOG

Phishing is a hacking technique that makes a user believe that he is interacting with the interface of a trusted third party (his bank, an administration, a well-known company...) in order to exfiltrate personal information such as his password, credit card numbers, social security number, etc.

A phishing campaign is characterized, from the hacker's perspective, by the simplicity of its execution associated with the possibility to lead a large-scale attack. Although it originated in the 1990s, this type of attack is still very common today.

Mobile devices represent the fastest growing attack surface and the widespread use of remote working has been accelerating it lately. Cybercriminals target enterprises through collaborators’ smartphones and tablets, betting on finding loopholes they will exploit to steal corporate data. Security heads are looking to extend their Zero Trust IT security strategy to mobile devices and apps, but the versatility of mobility makes it challenging.

The Zero Trust model is a security approach based on the principle of not trusting any network or data access request by default, and to secure all entry points. It has emerged as the most reliable way for companies to keep away cyberthreats evolving within their distant and immediate environment.

Cybersecurity experts are unanimous, mobile apps are hackers’ preferred vector to exfiltrate valuable data from mobile devices. Yet, the flexibility they offer makes them irreplaceable for both work and personal usages. Today, companies cannot afford to forbid public apps usages to their collaborators, even in the most sensitive industries. However, it doesn’t mean they should turn a blind eye to app-related risks.

Workers are undeniably mobile with 80% of corporate tasks to take place on mobile devices in 2020¹. With 77% of the digital traffic² coming from smartphones and tablets, mobile protection comes as a central piece of the information security strategy of companies.

The advent of mobility drew a new paradigm where security gates have to be relocated beyond the enterprise perimeter. In that framework, legacy security practices are falling short to address a landscape characterized by a plethora and dynamicity of threats.

System and application updates always seem to pop up at less than timely moments, and most of us postpone them without second thoughts, for days, weeks, months… However, these updates represent an essential piece of systems’ stability and safety, as they include functionality enhancements and patches to security holes.