New Lookout Report Finds Increased Attempts to Steal Your Corporate Login Credentials 

LONDON, U.K.: Lookout, Inc. has released a report showing that mobile phishing exposure doubled among financial services in 2020 despite a significant increase in mobile device management (MDM) deployment. The Lookout Financial Services Threat Report also uncovered a surge in exposure to malicious and risky applications among the industry’s employees and customers. 

Between 2019 and 2020, Lookout data shows that financial services and insurance organisations experienced the following:  

• Exposure to significant risks despite MDM: Despite a 50 percent increase in MDM adoption, average quarterly exposure to phishing rose by 125 percent and malware and app risk exposure increased by over 400 percent. 
• Credential stealing phishing attacks are still a major problem: Almost 50 percent of phishing attempts tried to steal corporate login credentials. 
• Mobile applications are a security gap: Nearly 20 percent of mobile banking customers had a trojanised app on their device when trying to sign into their personal mobile banking account. 
• Lookout found that 21 percent of iOS devices and 32 percent of Android devices were exposed to more than 390 iOS and 1,060 Android vulnerabilities because they were running iOS 13 or earlier and Android 10 or earlier. A delay in users updating their mobile devices creates a window of opportunity for a threat actor to gain access to an organisation’s infrastructure and steal data.  

The Lookout report also highlights how cyberattackers are deliberately targeting phones, tablets and Chromebooks to increase their odds of finding a vulnerable entry point. A single successful phishing or mobile ransomware attack can give attackers access to proprietary market research, client financials, investment strategies and cash or other liquid assets. These attacks can take the form of mobile phishing, apps containing malware, exploits of app or device vulnerabilities, and using risky networks outside of the traditional office perimeter.  

“These findings demonstrate that regardless of whether a device is managed or unmanaged, attackers have equal success in deploying phishing campaigns,” said Gert-Jan Schenk, Chief Revenue Officer, Lookout. “In addition, phishing can be particularly difficult to detect on a mobile device. We inherently trust these devices, which makes us vulnerable to social engineering attacks. Protecting modern endpoints requires a different approach – one that is built from the ground up for mobile and can continuously secure an organisations’ data from endpoint to the cloud. 

The report’s findings are sourced from the Lookout Security Graph, which contains behavioural analysis of telemetry data from nearly 200 million mobile devices, 140 million apps and analyses more than four million new URLs every day. The data analysed for this report are specific to financial services and insurance organisations.  

THE EDITORIAL TEAM

Case Studies

Posted On Monday, 10 May 2021 13:13

Photo credit: PCPI.

A police-owned organisation that works with the Home Office and Police Forces to deter and reduce crime, has launched a pioneering new licensing initiative to help improve the safety and security of bars, pubs, clubs, restaurants, hotels, theatres and sporting clubs.

The initiative is called Licensing Security & Vulnerability Initiative (Licensing SAVI) and it provides the most comprehensive, single source of information that licensees need to comply with the Licensing Act 2003 and meet the requirements of Police and Council Licensing Teams.

Licensing SAVI is ground-breaking because, for the first time ever, licensees in England and Wales have consistent information to promote the four, all-important Licensing Objectives: Prevention of Public Nuisance, Prevention of Crime and Disorder, Protection of Children from Harm, and Public Safety.

It has been developed at the request of the Home Office by Police Crime Prevention Initiatives (Police CPI), which works alongside the Police Service around the UK to deter and reduce crime.

Licensing SAVI is independent from the alcohol drinks industry and is backed by the National Police Chiefs’ Council (NPCC) and Project Servator, a police-led vigilance scheme to deter terrorist attacks at crowded places.

Available as an online self-assessment, Licensing SAVI brings together definitive information on effective management practices and operational security including some practical safety measures – many of which can be introduced quickly and at little or no cost and some which licensed premises may not have considered before.

Importantly, completion of the self-assessment can lead to Accreditation and an Award with a Star-Rating for display to show the efforts undertaken to enhance safety and security.

Appropriate for start-up businesses through to established operators, and single independent premises to large groups of venues, its advice and guidance embraces safety and security inside premises and in garden and other outdoor seating areas during operating hours to security when closed.

Critical issues covered include responsible drinking, drugs misuse, violent behaviour and safeguarding vulnerable customers through to opportunist theft and physical venue security.

It includes procedures such as pre-employment checks, age verification, managing unplanned large queues and customer searches through to ejecting badly behaving customers and dispersal arrangements when everyone leaves at the same time.

Other aspects of security are included too, such as staff branded uniforms and identification badges, CCTV systems and lighting, identification scanning and intruder and hold-up alarms. Raised areas behind bars to increase staff vision are suggested, and how to assist customers to get home, such as displaying taxi contact details or bus and train times, are included too.

There is even a non-assessed guidance section on counter terrorism and a COVID-19 risk assessment template for licensees to use.

Licensing SAVI’s Business Manager Mark Morgan, a former Merseyside Police Superintendent, said: “I believe Licensing SAVI is an important milestone for the licensing industry in England and Wales and will help provide safe and secure venues for staff, customers and the local communities.

“We have worked with licensed premises and many other authoritative sources well-versed with industry good practice throughout the development of Licensing SAVI to ensure the self-assessment is the very best it can be,” he said.

Licensing SAVI’s launch is timely because it can become part of a business recovery plan following COVID-19 restrictions and as a refresher resource for the return of staff who have been furloughed and the recruitment and training of new staff to replace those who have left.

THE EDITORIAL TEAM

Intelligence and Policing

Posted On Monday, 10 May 2021 13:09

Business Continuity and IT Disaster Recovery specialist acquires enterprise backup expert 4sl

Databarracks has acquired 4sl for an undisclosed sum, to create a combined company with 75 staff, including 50 data protection experts.

Peter Groucutt, Managing Director of Databarracks comments: “4sl is a company we have always admired for its expertise and skill in enterprise data protection. It is a globally recognised leader in delivering managed Commvault services, providing a gold standard of support to its customers. Getting to know Barnaby and the team, we have been impressed by how similar the cultures of our businesses are, and how much we have in common.”

THE EDITORIAL TEAM

Industry News

Posted On Monday, 10 May 2021 13:00

Read more ...