FEATURE : CYBERSECURITY
Lookout data shows credential theft mobile attacks on the rise in US Government agencies
Recent data commissioned by Lookout supports the fact that mobile phishing attacks are on the rise . We explore the findings in further detail , particularly focusing on the impact this is having on federal , state and local governments in the US . Steve Banda , Senior Manager , Security Solutions at Lookout , offers his expert opinion and advice on what CISOs should include in their cyber-strategies for the year ahead .
Lookout , an endpoint to cloud security company , has released its 2022 Government Threat Report which examines the most prominent mobile threats affecting federal , state and local governments in the US .
Lookout data reveals mobile phishing and device vulnerability risk within US government agencies has increased since 2021 . According to a Lookout analysis of data specific to federal , state and local government entities from the Lookout Security Graph , almost 50 % of phishing attacks aimed at government personnel in 2021 sought to steal credentials , up from 30 % in 2020 .
In addition to the increase in phishing attacks for government employees , the report findings include :
• Federal , state and local governments increased their reliance on unmanaged mobile devices at a rate of 55 % from 2020 to 2021 , indicating a move towards BYOD to support a larger remote workforce .
• One-in-eight government employees were exposed to phishing threats . With more than 2 million federal government employees alone , this represents a significant potential attack surface as it only takes one successful phishing attempt to compromise an entire agency .
• There was a steady rise in mobile phishing encounter rates for state and local governments across both managed and unmanaged devices , increasing at rates of 48 % and 25 % respectively from 2020 to 2021 . This steady climb continued through the first half of 2022 .
• Nearly 50 % of state and local government Android users are running outdated operating systems , exposing them to hundreds of device vulnerabilities . This is an improvement versus 99 % in 2020 .
Government organizations store and transmit a variety of sensitive data , the security of which is essential to the well-being of hundreds of millions of people . In the case of government organizations , the potential fallout from a breach that results in leaked data , stolen credentials or a forced halt to operations due to ransomware can have a disproportionate impact compared to a typical cybersecurity incident .
Additionally , government employees use iOS android and ChromeOS devices every day to stay productive and increase efficiency . This makes them targets for cyberattackers as their devices are a treasure trove of data and a gateway to government infrastructure . Only a modern endpoint protection solution can detect mobile threats in apps , device operating systems and network connections , while also protecting against credential harvesting and malware delivery attacks through phishing . Due to the personal nature of smartphones , tablets and Chromebooks , endpoint security must protect the user , the device and the organization while respecting user privacy .
“ It ’ s more important than ever for government agencies to keep pace with the evolution of the cyberthreat
www . intelligentcio . com INTELLIGENTCIO NORTH AMERICA 53