Amid the shift to widescale telework to stem the spread of COVID-19, Federal, state, and local government (SLG) employees are dealing with an increase in credential-theft mobile attacks.
A report released today by Lookout, a mobile security firm, found that 70 percent of government-focused mobile phishing attacks sought to steal credentials in 2020, a 67 percent increase from 2019.
As government workers increased their reliance on apps, threats surged by nearly 20-fold across all levels of government as the cybersecurity community recategorized the risks surrounding embedded adware.
The report also found that one in 15 government employees were exposed to phishing threats. “With [more than] two million Federal government employees alone, this represents a significant potential attack surface because it only takes one successful phishing attempt to compromise an entire agency,” Lookout said.
SLG employees are facing an increased risk because nearly one-quarter of state and local government employees use personal unmanaged devices. This is compared to nearly 9 percent of Federal government employees.
Lookout highlighted that mobile devices provide the same access to sensitive data as desktop and laptop computers, but frequently don’t have endpoint security installed. The report said that comprehensive mobile security is “critical” to defend these devices from cyberattacks, and “must be part of all government cybersecurity strategies.” That alone isn’t enough, the firm said, adding that mobile endpoint security should be paired with education and awareness training for all employees.
“In the telework era, Android, iOS and Chrome OS devices are now primary tools for productivity, but U.S. adversaries recognize our reliance on them and exploit their vulnerabilities,” said Bob Stevens, vice president of Americas at Lookout. “When these devices are compromised, they enable bad actors to enter the room and access confidential conversations and sensitive government data. An app-, network- and device-based approach to mobile security is imperative for all government agencies and departments.”