Virtualization Technology News and Information
Lookout 2020 Predictions: The Mobile-First Decade

VMblog Predictions 2020 

Industry executives and experts share their predictions for 2020.  Read them in this 12th annual series exclusive.

By David Richardson, senior director of product management at Lookout

The Mobile-First Decade

In the past ten years, mobile devices have become so ubiquitious that the majority of Internet traffic originates from mobile devices. In the next ten years, this trend will become even more pronounced as our mobile devices become the central point of contact for the next generation of smart devices and wearable technology. As mobile devices blur the lines between personal and professional profiles, attackers have turned their attention to target them.

Read on for some of the most important trends in mobile security in 2020.

1. Mobile Will Become the Primary Phishing Attack Vector

Lookout expects credential phishing attempts targeting mobile devices to become more common than traditional email-based attacks. Traditional secure email gateways block potential phishing emails and malicious URLs, which works for protecting corporate email from account takeover attacks, but neglects mobile attack vectors, including personal email, social networking, and other mobile centric messaging platforms such as secure messaging apps and SMS/MMS. Moreover, mobile devices are targeted not only because of these new avenues but also because the personal nature of the device and its user interface. Enterprises must realize that when it comes to social engineering in a post-perimeter world, corporate email is not the only, or even the primary, attack vector used. 

2. 2FA is dead. Long live MFA.

Authentication will move from two-factor to multi-factor, including biometrics in 2020. Most companies have implemented one time authorization codes (OTAC) to provide two-factor authentication (2FA), but Lookout, and others in the industry, have already seen OTAC targeted by advanced phishing attacks. To protect against credential theft and to address regulatory compliance, enterprises are increasingly adopting MFA and biometrics using mobile devices. This new approach strengthens authentication and improves user experience, but it is critical that the mobile device is free from compromise.

3. Threat Actors will Leverage Machine Learning to Operate Autonomously

One example of where we may see attackers implement machine learning is into the execution of phishing campaigns. Phishing lures and landing pages will be A/B tested by AI algorithms to improve conversion rates, while new domains will be generated and registered by AI algorithms. These enhancements will allow attacks to move faster than most existing solutions could detect them.

4. 2020 Election Hacking Will Focus on Mobile

As cyber attacks have evolved to target mobile devices because of their nature and form factor, so will cyber attacks in the 2020 Presidential Election. Spear phishing campaigns are moving beyond the traditional email-based phishing attacks we saw in the 2016 election cycle to advanced attacks that involve encrypted messaging apps, social media and fake voice calls. Before the next election is over, we will likely see some kind of compromise as the result of a social engineering or mobile phishing attack, particularly as presidential campaigns embrace mobile devices in their canvassing efforts. 

5. Partnerships Are the New Consolidation

Within the past decade there have been many mergers and acquisitions within the security industry. That trend will likely continue, but now vendors will also tightly integrate their solutions to improve enterprise security. And, as we move into 2020 and beyond, a new trend is emerging that will see security vendors forming alliances -- even with those they consider their competitors -- and strategically collaborating to combat threats for the greater good. A recent example of this is the App Defense Alliance, which was launched in late 2019 to combat malicious apps on Google Play. These alliances also have a positive effect on AI solutions, as the corpus of data grows for Machine Learning algorithms to ingest.


About the Author

David Richardson 

David Richardson was a founding engineer at Lookout turned product manager. He currently manages the mobile endpoint security products for enterprises. David has been awarded 28 patents in mobile security. He has also been a regular speaker at Black Hat & Defcon on various Android and iOS security issues. 

Published Friday, December 20, 2019 7:25 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<December 2019>