View all on-demand sessions from the Intelligent Security Summit here.
According to Lookout’s Government Threat Report 2022, the risk of mobile phishing and device vulnerabilities within U.S. government agencies (federal, state, and local) is on the rise. In fact, nearly 50% of all phishing attacks targeting government employees in 2021 were designed to steal employee credentials, up from 30% in 2020.
In addition to the increase in phishing attacks against government employees, the report’s findings include:
- Federal, state and local governments increased their reliance on unattended mobile devices by 55% between 2020 and 2021, indicating a move toward BYOD to support a larger remote workforce.
- One in eight government employees was exposed to phishing threats. With over two million federal government employees alone, this represents a significant potential attack surface, as it only takes one successful phishing attempt to compromise an entire agency.
- There was a steady increase in mobile phishing encounters for state and local governments on both managed and unmanaged devices, rising 48% and 25% respectively between 2020 and 2021. This steady increase continued into the first half of 2022.
- Threat actors are becoming more sophisticated: 16% of phishing attacks also attempt to deliver malware.
- Nearly 50% of state and local government employees use outdated Android operating systems, exposing them to hundreds of device vulnerabilities. However, this is an improvement from 99% in 2021.
Phishing attacks on the government in particular have a major impact
Government organizations store and transmit a variety of sensitive data, the security of which is essential to the well-being of hundreds of millions of people. A breach of a government agency that results in leaked data, stolen credentials, or a forced shutdown of operations due to ransomware can have a disproportionate impact compared to a typical cybersecurity incident.
In addition, government employees use iOS, Android and ChromeOS devices every day to stay productive and increase efficiency. This makes them targets for cyber attackers as their devices are a treasure trove of data and a gateway to government infrastructure. Due to the personal nature of smartphones, tablets, and Chromebooks, endpoint security must protect the user, device, and organization while respecting user privacy.
“It is more important than ever for government agencies to keep pace with the evolution of the cyber threat environment,” said Tony D’Angelo, vice president, Americas Public Sector, Lookout. “Regardless of whether devices are managed, protecting these modern endpoints requires a different approach: one built from the ground up for mobile. Only a modern endpoint security solution can detect mobile threats in apps, device operating systems and network connections while protecting against phishing attacks that steal credentials and deliver malware.”
Methodology
The Lookout Government Threat Report is based on analysis of data specific to federal, state, and local government organizations from the Lookout Security Graph. The chart, which includes telemetry data from analysis of more than 205 million devices and more than 175 million apps, enabled Lookout to identify and break down the most prominent mobile threat agencies in 2021 and the first half of 2022. Information used in this report is compiled from anonymized, aggregated Lookout data.
Read the full report from Lookout.
VentureBeat’s mission is to become a digital city plaza where tech decision makers can learn about transformative business technology and execute transactions. Discover our Briefings.