Mobile phishing is getting traction with companies
Adam Sheehan, a behavioral scientist that joined F-Secure after its acquisition of MWR InfoSecurity, thinks that mobile phishing became a bigger issue for companies in 2018. Phishing in general is a known problem. But Adam says that phishing emails, SMSs, and other messages going to mobile devices are becoming more common. And he says workers are falling for it more often.
While part of this is because there are simply more people using mobile devices more often, Adam thinks there’s a more significant aspect to this trend.
“…we have naturally different patterns of behavior when we’re feeling relaxed or at ease. And of course, you know, we tend to use our desktops or laptops in a work context, in the office, for example. Whereas mobile phishing catches us in weaker moments, I think,” Adam says.
Adam describes this as an example of how the “cognitive ease” of mobile can leave us vulnerable. He goes on to suggest expanding security training to include mobile devices as a way of combating this trend. And F-Secure Service Technology Lead Artturi Lehtio points out that compromising mobile devices is a desirable objective for many threat actors. That makes preparing for these attacks worthwhile for companies.
Privacy was a big deal, for better or worse
F-Secure’s Laura Kankaala and Andy Patel both saw privacy concerns become more prominent in 2018. Both pointed to security issues at Facebook as driving these concerns. But while Andy felt that the Cambridge Analytica scandal is what drew the most attention, Laura pointed to security issues with the way Facebook’s login credentials are used to access other third party services. Laura says that many websites, in a classic example of favoring usability over security, aren’t implementing this mechanism as securely as they could. And she thinks this coming to light is making people question what their data is being used for.
“…they could potentially get into very sensitive details about you, not only like who you’ve been talking to you, but also the conversations that you’ve had with other people, where you’ve been, what have you bought, and stuff like that. So I think people are starting to understand how much they’re actually trusting with these big technology companies, and it’s just data for them. And you’re hoping that they’ll take good care of it,” Laura explains.
But Laura and F-Secure Principal Security Consultant Tom Van de Wiele both recognize the GDPR as a win for internet privacy. Laura thinks it’s a positive step but acknowledges that companies will most likely incur some fines. Tom sees it as part of a wider trend of companies trying to embrace security/privacy by design principles into their operations.
Ransomware in retreat
Tom saw another positive development in 2018: the declining popularity of ransomware.
“We’ve seen lots of big companies getting hit and that has spurred other companies into actually focusing on this to see how they can be impacted and how they might be a victim of this. So that’s certainly a good thing, a positive thing when looking at the information security market,” Tom says.
Artturi agrees, pointing out that it’s a trend that started with consumers.
But both Tom and Artturi felt that many threat actors are now looking to cryptominers to fill the gap left by ransomware.
Check out the podcast for more information on these and other cyber security trends.