Episode 54 of the Cybersecurity Minute features highlights from an interview with Aaron Cockerill, chief strategy officer of Lookout, on his company’s mobile phishing research that was released this week. Cockerill met with Tom Smith and Kieron Allen from the Acceleration Economy analyst team to talk about the findings, where the biggest threats lie, and how companies can protect their data and systems from evolving forms of phishing.
Lookout is on Acceleration Economy’s Top 10 Shortlist of Cybersecurity Business Enablers. The report is available through the Lookout website.
This episode is sponsored by Acceleration Economy’s Digital CIO Summit, taking place April 4-6.
01:45 — The analysts ask Aaron how Lookout gathers the mobile phishing data, why users are clicking on more phishing links than ever before, the tools and strategies that can be employed to combat phishing in its various forms, and, finally, the most surprising finding(s). If you weren’t aware, phishing now extends to voice, SMS, and QR codes.
03:13 — Cockerill explains that Lookout protects over 210 million devices from malicious attack, and its software checks URLs sent to the device to determine whether they are legitimate or malicious, such as phishing links. He notes that Lookout analyzes “large swaths” of the internet, reviewing over four million links a day to see if they are potentially malicious. The report distinguishes between users who encounter or receive a link and those who actually click on it. Unfortunately, users still click on these links in an increasing number of cases, even when they are warned about them.
04:08 — Cockerill says the company is not trying to sensationalize the data, but rather trying to show the increasing numbers over time and why enterprises need protection against mobile phishing. Phishing attacks are working because bad actors have increasingly effective methods of getting users to click; they increasingly look legitimate. More sophisticated attacks are now leveraging multiple forms of social engineering such as a simultaneous phone call and SMS message that says it’s coming from a known brand.
06:20 — Asked how companies can prevent or mitigate such attacks, Cockerill notes there’s no silver bullet. One of the important layers of protection is filtering URLs using a platform like Lookout. Another critical part is training users. Most companies tend to run education programs around what is a good versus bad link or what is a good versus bad email. All of those are increasingly important, but companies also need to educate users about the evolving tactics that are being used.
08:16 — Asked what is most surprising about the results, Cockerill notes his concern over the rate at which users are actually clicking on these links. In 2020, enterprise users clicked at a 1.6% rate. Now that’s over 11%. The rate for personal devices is higher at 27%. Cockerill says that’s a very troubling statistic.