Smishing and other mobile threats should be a priority for CISOs during this time.
Ο Phil Richards, Its CEO Ivanti, talked about dramatic increase in smishing attacks. Anyone using a smartphone has probably been the target of a smishing attack, at least once. Smishing is like Phishing, with the difference that criminals do not send emails but text messages. These messages contain malicious links.
As in phishing, so in phishing attacks, scammers try to trick victims and make them provide valuable information, such as bank credentials and more. Usually, the messages are convincing and seem to come from reliable sources. Over the past two years, security experts have noticed that these attacks have increased significantly.
Even before his time COVID-19, 81% of organizations stated that their employees had been attacked on their mobile devices. In 2020, when lockdowns began to be imposed around the world, attacks increased rapidly. One study found that between March and July 2020, smishing attacks increased by 29%.
Because people are more vulnerable to smishing this season?
Phishing attacks will always come first, but there are a few reasons why smishing is considered more dangerous for IT security at this time:
- Is very easier to block phishing emails on corporate computers, but remote workers today use them their personal devices for access to corporate applications and data. And it does not exist no easy way to verify the authenticity of a smartphone URL. The result; Many users simply click on the link they see in the message and hope it is not dangerous.
- Smartphones are used for almost everything. These devices are literally everywhere, so hackers have turned to attacks that allow them to target smartphone users. These include smishing attacks.
- Users are more likely to open and reply to a text message, rather than in an email. It has been found that 90% of text messages are opened and read almost immediately. The corresponding percentage for emails is only 20%.
- Personal devices usually do not have strong security used to protect corporate devices.
- Most people use their smartphones constantly, almost mechanically, so many times do not give the necessary attention. This is well known to cyber criminals, who can easily trick an employee into revealing corporate credentials. When they break into a company, hackers can do anything.
Since teleworking came to stay, CISOs need to implement new strategies to protect corporate applications and data, wherever they are, on any network, device or cloud. The good news is that most CISOs have realized the importance of protecting their organizations from mobile threats and have made it a priority.
An Ivanti survey found that 87% of CISOs said mobile device security is now at the heart of their cyber security strategies. Nearly 80% of these CISOs know that passwords are no longer an effective or secure means of user authentication and almost two-thirds (64%) believe that Investing in mobile threat detection software will be a major priority in 2021.