"Fed and SLG Agencies Need to be on Guard Against Mobile Attacks"

According to new Lookout research, mobile threats to federal, state, and local governments are on the rise. Mobile phishing and device vulnerability risks have increased within government agencies since 2021. Data analyzed by Lookout found that nearly half of phishing attacks aimed at government personnel in 2021 attempted to steal credentials, up from 30 percent in 2020. Furthermore, one in every eight government employees will be vulnerable to phishing attacks in 2021. With over two million federal government employees, this represents a significant potential attack surface, as it only takes one successful phishing attempt to compromise an entire agency. Although mobile and cloud apps have helped agencies stay productive while employees telework, they also significantly increase the risk of successful attacks, according to the report. Federal, state, and local governments increased their reliance on unmanaged mobile devices by 55 percent between 2020 and 2021, and more than one-third of state and local government employees used their own devices in 2021. According to Lookout, this indicates a shift toward Bring-Your-Own-Device (BYOD) in order to support a larger remote workforce. From 2020 to 2021, mobile phishing encounter rates increased in both managed and unmanaged devices at 48 percent and 25 percent, respectively. The steady rise continued through the first half of 2022. Looking specifically at the federal government, Lookout observed a decrease in phishing exposure rates for unmanaged federal devices, implying that agencies increased security awareness for BYOD participants. However, phishing exposure rates for managed federal devices increased from 2020 to 2021 before declining in the first half of 2022. Lookout predicts that holiday-themed phishing attacks will increase exposure rates in the second half of 2022. This article continues to discuss key findings from Lookout's report on the rise in mobile phishing credential theft targeting the US public sector. 

MeriTalk reports "Fed and SLG Agencies Need to be on Guard Against Mobile Attacks"