Improving Mobile Security:

What Financial Institutions Can Do

Mobile devices have become a vital tool in our remote work climate, especially with the onset of the COVID-19 pandemic. While mobile technology offers a suite of benefits, it poses cybersecurity risks to enterprises. Mobile security is often overlooked, with vulnerable devices emerging as valuable prime targets for cybercriminals.
Cyber threats to mobile devices affect financial organisations in particular, as confidential and highly sensitive information are collected and exchanged in daily operations. Hence, it is imperative that financial institutions take the appropriate steps to mitigate risks and ensure regulatory compliance.  

Common Mobile Security Threats

1. Malware & Malicious Apps

Cyber attackers use a multitude of malware to target mobile devices, including spyware and banking Trojan malware. Spyware such as Pegasus was discovered to possess the capability of infecting devices without user’s knowledge. Malicious apps can also parade as legit apps on official app store, tricking users into downloading them.  

2. Vulnerable Software & Systems

Like IoT devices, IT systems and networks, mobile devices possess vulnerabilities, be it in the operating system or applications. Contrary to popular belief, Apple devices are vulnerable to malicious exploits. Although new updates are frequently rolled out, attackers can target zero-day vulnerabilities to compromise device security.

3. Phishing Attacks

Threat actors often use phishing attacks as a means to distribute malware to steal credentials and gain access to target systems. In 2021, cyber attackers targeted Slack and BaseCamp users with phishing attacks to distribute BazarLoader malware. In addition to phishing emails, attackers also use other methods such as call and text messages. In Singapore, scammers target bank users through SMS and phone calls, tricking users into divulging their credentials.

What Can Your Company Do to Enhance Mobile Security?

1. Vigilant Monitoring & Incident Response

The key to enhancing mobile security is to take a proactive stance through vigilant threat monitoring and detection. As part of the Monetary Authority of Singapore’s Technology Risk Management (MAS TRM) Guidelines, financial institutions are required to have cyber event monitoring, detection and cyber incident response. 24×7 threat monitoring and remediation on endpoints is especially crucial as cyber attackers often target off-work hours and holiday seasons to launch attacks against organisations.

2. Policies & Procedures

Internally, companies should have regular review on their policies and procedures to ensure that business processes and employees’ cyber code of conduct align with security needs and best cybersecurity practices. For example, implementing corporate mobile security policies with clearly defined protocols on the access restrictions and the type of apps that employees are allowed to use. 

3. Cybersecurity Awareness Training

Education is also a key facet in robust mobile security. Management and leadership should aim to educate users and employees on safe cyber practices and recognising phishing threats. Considering that threats are consistently evolving and the landscape of mobile security constantly shifts, employees must stay up to date so as to prevent any cyber security slip-ups. 

The Value of Investing in Mobile Security

Developing and deploying an effective mobile security strategy is vital for organisations to defend against cyber attacks. CSIntelligence provides comprehensive Managed PDR, which assists in MAS TRM compliance through cyber threat monitoring, detection and remediation.

Reach out to us for a non-obligatory discussion on how we can support your mobile security with robust cybersecurity operations and management to meet your organisation’s needs. 

Contact Us

    What cybersecurity services are you interested in?
    By submitting this form, you agree to our Privacy Policy.