T
The mobile-first, cloud-first, perimeter-
less modern workplace has resulted in
employees accessing corporate data
and networks from anywhere, on any
device. Today employees keep their
mobile device with them constantly.
Along with other major sectors, the
manufacturing industry has embraced
this new BYOD world to help achieve
greater productivity, efficiency and fluidity.
In fact, a joint study by LNS Research
and MESA International revealed that
54% of manufacturing plant managers
and supervisors expect mobile devices
to provide them with all the information
needed for them to do their job.
However, it has created an array of new
cyberthreats that many manufacturers
may not be equipped to handle.
Mobile security is often an area
overlooked by security teams. According
to the Verizon Mobile Security Index
(MSI), 67% of companies surveyed
were less confident in the security of
their mobile assets compared to other
devices. As manufacturing transactions
are increasingly occurring on mobile
devices, organisations need to wake up
to the challenge of securing all devices
that connect to the corporate network.
Mobile phishing in a mobile world
With mobile devices providing new
profitable avenues of attack for
cybercriminals, we have seen bad actors
evolve their phishing tactics beyond
email. The Verizon MSI 2019 reported
85% of phishing attacks on mobile
devices took place outside email and
over two fifths of respondents had fallen
victim to a mobile phishing attack.
Also, Lookout data shows that enterprise
users are three times more likely to
fall for a phishing link when on a small
screen than when using a desktop
computer. This could be because the
mobile user interface makes it difficult
for users to identify phishing attacks due
to the inability to hover over hyperlinks
to show destinations.
Tom Davison, EMEA Technical Director
at Lookout
www.intelligentciso.com
|
Issue20
Furthermore, users often don’t take the
extra time to ensure content is safe due
to a misguided trust in the ‘inherent’
FEATURE
security of mobile devices. Often,
if the user is not a trained security
professional, then identifying phishing
on mobile is extremely difficult to spot
with the naked eye hence why mobile
phishing represents such a huge risk
to manufacturers.
Manufacturing companies must realise
it only takes one misstep to compromise
a mobile device, whether this be from
clicking on a malicious URL in a browser
window or a malicious link in an email.
Some of the most common attack
vectors are malicious ad networks,
personal email, messaging platforms
and SMS messages. Not to mention
the plethora of popular and highly
used social media apps like Facebook
Messenger and Instagram that have
become a breeding ground for phishing
scams. If these routes of attack are
overlooked, security professionals are
effectively putting their organisation at
serious risk.
With mobile
devices providing
new profitable
avenues of attack
for cybercriminals,
we have seen bad
actors evolve their
phishing tactics
beyond email.
Safeguarding the
manufacturing industry
If an attacker breaches the network of
a manufacturing plant or utility provider,
they could steal critical sensitive
information or install malware that shuts
down production, costing millions in lost
revenue. You only need to look to Norsk
Hydro, NotPetya or Stuxnet to see that
cybercriminals are out to sabotage IT
and OT systems any way they can.
49