Financial services organizations face a variety of cyber threats. But mobile risks represent a major Achilles’ heel for the industry, says a new report from Wandera.
Like most companies and consumers, the financial services industry has become dependent on mobile communications as a way to conduct business, manage client information, exchange data, and work with customers. But without the proper protections in place, the mobile landscape can be a risky environment facing a variety of cyberthreats and potentially exposing sensitive customer data, according to a report called Mobile Security in the Financial Services, released Tuesday by Wandera.
In a six-month analysis of security data from 225 million customers with 50,000 devices collectively, Wandera discovered a number of ways in which financial services organizations are exposed to cyber threats via mobile communications, apps, services, and behavior:
- Financial services companies are a greater target for phishing attacks than are other types of companies. Over the six-month period, 57% of financial services firms were hit by phishing attacks compared with 42% cross-industry. In another study, 29% of financial services employees were found to be likely to click on a phishing email compared with just 11% across other industries.
- Financial services organizations are hit by a higher number of incidents associated with man-in-the-middle attacks and risky hotspots, with 35% being targeted this way versus 24% across other industries.
- Despite the concerns about malware, this threat is not as huge as many people think, according to Wandera, as less than 1% of companies were hit by malware over the six-month period. However, malware attacks certainly do occur, and cybercriminals are using more targeted approaches.
- Some 26% of financial services companies experienced mobile cryptojacking attempts over the six months analyzed, compared with 18% cross-industry. On the plus side, financial services users tend to use their mobile devices more responsibly than do people in other industries. So the overall impact is less severe than with other types of threats, such as phishing.
- Disable Lock Screens. Among employees at financial services firms, one in 20 failed to enable the lock screen on their mobile device, opening up a Pandora’s Box of sensitive information should the phone be lost or stolen.
Wandera’s research did find several positive signs in terms of mobile security at financial services companies. More users in this industry maintain their devices with the latest operating systems and security patches than do those in other industries. Rooting and jailbreaking can expose a mobile device to risky apps and content; however, the trend to root or jailbreak one’s device has become much less common. Password leaks only impacted around 1% of the devices examined, though larger organizations and those with less stringent policies were more likely to suffer leaked passwords.
To help financial services companies better deal with the risks involved in mobile communications, Wandera offers the following pieces of advice in developing a mobile security strategy:
Combat phishing attacks
Employees need regular training to help them identify phishing attacks, not just from email but from social media and other messaging platforms. But training is only one layer of defense. Organizations need to adopt anti-phishing measures both at the endpoint and in the network.