FEATURE : CYBERSECURITY
Why do you think mobile phishing and device vulnerability risk has increased within US government agencies since 2021 ?
Remote work is here to stay , and with it , so has employee reliance on personal mobile devices . These devices are difficult to monitor and keep up-to-date , presenting a unique security challenge for US local , state and federal government organizations .
BYOD strategies provide government workers increased flexibility and productivity . This is likely one of the reasons the use of unmanaged devices increased an average of 55 % across federal , state and local governments between 2020 – 2021 according to Lookout data . But that same data found that almost 50 % of phishing attacks aimed at government personnel in 2021 sought to steal credentials . The combination of unmanaged devices and phishing attacks means that government agencies and departments are vulnerable as they continue to allow telework and the use of BYOD .
How would you suggest people best secure their mobile devices to ensure they protect against phishing attacks ?
Attackers are primarily targeting individuals through mobile channels because of the number of ways they can get to an individual . SMS , iMessage , email , social media , third-party messaging apps , gaming and even dating apps all have messaging functionality that attackers use to socially engineer targets in the context of the app they ’ re using . harvesting and OS vulnerabilities , you need a dedicated mobile security solution that takes a Zero Trust approach . As President Biden as well as the Office of Management and Budget ( OMB ) provides guidance on Zero Trust , all government organizations need to ensure that they take into account all mobile endpoint risks as part of their Zero Trust architecture .
What should CISOs be including in their-cyber strategies for the year ahead , considering the increase in mobile attacks ?
Protecting against mobile phishing is a critical part of any modern security posture as this is the most common threat vector for credential compromise , which actors use to kick off more advanced attacks like ransomware .
The changes in how we work have expanded the risk landscape for every organization as employees use a mix of personal or unmanaged devices and networks to access sensitive data .
Without the right solutions in place , organizations are leaving their employees exposed to advanced threats that take advantage of the lack of protection employees have on personal devices and networks . Context-based data access is the best way for organizations to institute Zero Trust in the hybrid work environment . Understanding clues such as location , device type and user risk posture can be crucial when trying to identify compromised accounts being leveraged by threat actors . p
In order to protect themselves and their users , state and local governments need to implement mobile phishing protection that takes a Zero Trust approach across their entire user base . It ’ s critically important to extend these protections to both corporate-owned and personal devices . By proactively and automatically monitoring for threats on these often overlooked mobile devices , these solutions can provide increased visibility .
How can government agencies best keep pace with the evolution of the cyberthreat environment ?
The use of personal mobile devices for work is not going away , so government entities need to develop a strategy that allows them to embrace unmanaged devices while staying secure and respecting the privacy of their employees .
One thing organizations can do is ask employees to only use personal devices from an approved list . But to truly mitigate threats against phishing , credential
www . intelligentcio . com INTELLIGENTCIO NORTH AMERICA 55