The rapidly rising reliance on mobile phones in the workplace has facilitated an increased cybersecurity threat from malicious phone hackers that many manufacturers are not equipped to handle. Tom Davison, EMEA Technical Director at Lookout, outlines the steps that both individuals and businesses must take to ensure the security of their most valuable assets, with particular focus on the manufacturing sector.
The mobile-first, cloud-first, perimeter-less modern workplace has resulted in employees accessing corporate data and networks from anywhere, on any device. Today employees keep their mobile device with them constantly.
Along with other major sectors, the manufacturing industry has embraced this new BYOD world to help achieve greater productivity, efficiency and fluidity. In fact, a joint study by LNS Research and MESA International revealed that 54% of manufacturing plant managers and supervisors expect mobile devices to provide them with all the information needed for them to do their job. However, it has created an array of new cyberthreats that many manufacturers may not be equipped to handle.
Mobile security is often an area overlooked by security teams. According to the Verizon Mobile Security Index (MSI), 67% of companies surveyed were less confident in the security of their mobile assets compared to other devices. As manufacturing transactions are increasingly occurring on mobile devices, organisations need to wake up to the challenge of securing all devices that connect to the corporate network.
Mobile phishing in a mobile world
With mobile devices providing new profitable avenues of attack for cybercriminals, we have seen bad actors evolve their phishing tactics beyond email. The Verizon MSI 2019 reported that 85% of phishing attacks on mobile devices took place outside email and that over two fifths of respondents had fallen victim to a mobile phishing attack.
Also, Lookout data shows that enterprise users are three times more likely to fall for a phishing link when on a small screen than when using a desktop computer. This could be because the mobile user interface makes it difficult for users to identify phishing attacks due to the inability to hover over hyperlinks to show destinations.
Furthermore, users often don’t take the extra time to ensure content is safe due to a misguided trust in the ‘inherent’ security of mobile devices. For a user who is not a trained security professional, phishing on mobile is extremely difficult to spot with the naked eye, which is why mobile phishing represents such a huge risk to manufacturers.
Manufacturing companies must realise it only takes one misstep to compromise a mobile device, whether this be from clicking on a malicious URL in a browser window or a malicious link in an email. Some of the most common attack vectors are malicious ad networks, personal email, messaging platforms and SMS messages. Not to mention the plethora of popular and highly used social media apps like Facebook Messenger and Instagram that have become a breeding ground for phishing scams. If these routes of attack are overlooked, security professionals are effectively putting their organisation at serious risk.
Safeguarding the manufacturing industry
If an attacker breaches the network of a manufacturing plant or utility provider, they could steal critical sensitive information or install malware that shuts down production, costing millions in lost revenue. You only need to look to Norsk Hydro, NotPetya or Stuxnet to see that cybercriminals are out to sabotage IT and OT systems any way they can.
Mobile technologies are becoming strategically important for manufacturing enterprises, with mobility and cybersecurity being two of the top technology priorities for industrial manufacturing CEOs, according to PwC’s 18th Annual Global CEO Survey. As the manufacturing industry becomes increasingly dependent on mobile devices to remain connected and productive, the cybersecurity threat landscape will only continue to expand.
Humans are often the weakest link in cybersecurity, a fact that has never been truer when it comes to mobile phishing attacks. As a result, phishing and content protection on mobile devices should inspect any URL requests from both corporate and personal email, SMS texts, messaging platforms and web browsers, blocking requests from anything identified as potentially malicious. Mobile endpoint security should offer visibility into an organisation’s entire spectrum of mobile risk and apply policies to reduce threat levels.
Industrial manufacturing organisations are often subject to regulations that require ongoing cybersecurity compliance. As a result, mobile security tools need to provide continuous visibility and risk reporting on all devices connecting to the corporate network. Continuous assessment of risk means that if a device ever exceeds the accepted levels of risk set by security teams, then access to the corporate network and data will be restricted until the user brings the device back into compliance.
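The continuous assessment described above can be sketched as an access gate that is re-evaluated on every request. This is an added example, not code from Lookout or any product named in the article; the posture fields, risk levels, thresholds and device data are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed policy values; a real deployment takes these from the security team.
RISK_ORDER = ["low", "medium", "high"]
MAX_ACCEPTED_RISK = "low"
MAX_REPORT_AGE = timedelta(hours=24)

@dataclass
class Posture:
    """One posture report from a device (hypothetical fields)."""
    device_id: str
    reported_at: datetime
    os_patched: bool
    screen_lock: bool
    threat_detected: bool  # e.g. an unresolved malicious app or phishing detection

def findings(p: Posture) -> list[tuple[str, str]]:
    """Return a (risk, remediation) pair for every failed check."""
    out = []
    if p.threat_detected:
        out.append(("high", "resolve the detected threat"))
    if not p.os_patched:
        out.append(("medium", "install pending OS updates"))
    if not p.screen_lock:
        out.append(("medium", "enable a screen lock"))
    return out

def decide(p: Posture, now: datetime) -> tuple[str, list[str]]:
    """Evaluated on every access request, not once at enrolment."""
    if now - p.reported_at > MAX_REPORT_AGE:
        # Fail closed: an old report says nothing about current risk.
        return "restricted", ["device must check in"]
    limit = RISK_ORDER.index(MAX_ACCEPTED_RISK)
    over = [fix for risk, fix in findings(p) if RISK_ORDER.index(risk) > limit]
    return ("restricted", over) if over else ("allowed", [])

# Constructed sample: the same device at three points in time.
T0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
HEALTHY = Posture("dev-01", T0, True, True, False)
INFECTED = Posture("dev-01", T0 + timedelta(hours=1), True, True, True)
CLEANED = Posture("dev-01", T0 + timedelta(hours=2), True, True, False)

if __name__ == "__main__":
    for p in (HEALTHY, INFECTED, CLEANED):
        print(p.reported_at.time(), decide(p, p.reported_at + timedelta(minutes=5)))
```

The stale-report branch matters in practice: a device that stops reporting is treated as out of compliance rather than keeping its last known good state.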
Despite all these challenges, security is becoming an important concern and priority for manufacturers. These businesses are facing a rapid expansion in their mobile workforce who depend on mobile devices to work offsite, deliver on projects and boost efficiency in the field. Typically, manufacturers deploy various security controls, including Enterprise Mobile Management (EMM) software to filter access to corporate resources and a Security Information and Event Management (SIEM) product to gather security data.
Finding a solution that secures the entirety of the workforce while effectively integrating with existing security infrastructure can be a difficult task. To tackle this, having regular user awareness training is strongly advised to help the workforce understand the potential dangers of clicking or opening an unusual link or attachment.
This will help to reduce the threat of the company being hit by a potential phishing attack. In order to efficiently protect critical assets, manufacturing organisations would be well advised to implement a comprehensive Mobile Threat Defence (MTD) that incorporates dedicated phishing and content protection.
In doing so, the business will effectively secure its rapidly growing mobile workforce and gain immediate visibility into mobile security, whilst reducing the risk posture of its mobile users. This will ultimately ensure that mobile technology within the company is seen as a benefit instead of a security risk.