The past year saw the greatest number of successful cyberattacks on record. The number of data breaches between September 2021 and February 2022 was 17% higher than the total number of successful cyberattacks in 2020.
Security leaders must look back at the last twelve months and analyze the most severe cyber incidents. Then, they have to make security strategies for next year, focusing on mobile security. Mobile security has traditionally been considered a lower priority than desktop security.
Let’s begin by reviewing the 2021 incidents before discussing the most significant risks security professionals will face in 2022.
2021: Mobile authentication methods are no longer valid
Unsurprisingly, the largest cyberattacks in 2021 occurred after the year's primary safeguards were compromised: the password and the SMS one-time passcode (OTP) used for two-factor authentication (2FA).
The news of the Colonial Pipeline hack caused a worldwide panic. Colonial is the largest fuel pipeline in the United States, and the hack led to severe shortages along the East Coast.
Security professionals may believe that only the most skilled hackers can achieve hacks of this scale, but they are wrong.
The cyberattack was caused by a single compromised password that was later discovered in a dark web data leak. Colonial employees may have reused the same password on another account. This is a common mistake today because of the difficulty of managing tens of thousands of passwords.
66% of digital users use the same password across websites, either “always” or “mostly.” It is easy to see why this attack was possible.
Multi-factor authentication is a great way to increase security for business accounts. However, if security officers can adopt an additional factor that isn’t SMS OTP 2FA, they should.
Another major incident in 2018 was the Coinbase hack. This attack was caused by flaws within the company’s SMS 2FA system. Cybercriminals stole cryptocurrency from around 6,000 Coinbase customers in this attack.
Cybercriminals require the user’s email address, password, and phone number to take control of an account protected by SMS 2FA. These can come from two sources: a previous data breach or a phishing attack, which Coinbase claimed targeted its users in April and May 2021.
Although the company did not identify the problem, it claims that the hack was caused by a flaw within its SMS account recovery process. Regardless, cybersecurity professionals must be aware of the inherent flaws of SMS 2FA.
SMS uses the SS7 switching protocol, which has not changed since 1975, when SMS was first introduced. Criminals can use this design flaw to intercept or reroute the SMS that contains your one-time password.
SMS 2FA also carries the risk of SIM swapping. This is a method in which fraudsters steal personal information such as first and last names, social insurance numbers, dates of birth, and other details to fool mobile network operators and gain control of SIM cards. Although this may seem like a lot of effort, 80% of SIM swap attacks succeed.
In 2021, security officials also saw an increase in OTP intercept bots. These bots are designed to help cybercriminals intercept OTPs quickly. The risk of hackers intercepting OTPs on a large scale is unacceptable.
Cybersecurity professionals need to consider whether 2022 will be the year that they retire these authentication methods.
2022: How to prepare for the mobile threat landscape’s expansion
The mobile threat landscape is only going to continue growing this year. The main catalysts for this growth are work-from-home practices, bring-your-own-device (BYOD) policies, and the ongoing pandemic.
Companies must be aware of the BYOD policies and work-from-home practices in a business setting. Remote workers work from their homes, so security measures must be taken to protect them.
Multi-factor authentication is the minimum, but continuous and zero-trust security architectures are possible if this type of investment is feasible.
The private sector saw remote workers do almost everything online. It is unlikely that the situation will change. Once employees have tried remote work, it is hard to forget the convenience.
The pandemic resulted in a surge of cyberattacks. Education of the public is the best way to stop them.
Multi-factor authentication is used in both cases. It’s crucial to ensure that security systems offer a great user experience as well as security. Security professionals can consider biometrics and mobile IP address-based authentication the two mainstays of frictionless user experiences.
Otherwise, cybersecurity professionals risk users or employees cutting corners or abandoning login processes altogether, which would defeat the purpose of implementing them.