All eyes on mobile

Of all the data points contained in Zimperium’s recently released 2022 Global Mobile Threat Report, perhaps the most shocking is the spike in known cases of zero-day exploits being used in attacks against mobile devices. A zero-day exploit is one where the vendor is unaware of the corresponding vulnerability at the time of attack and has therefore not provided a workable patch. The number jumped to 17 from three the previous year, while the share of zero-days that were mobile-specific increased from 11% to 31%.

To me, these numbers confirm that as the primary compute device on the planet, smartphones are now rightly seen by threat actors as targets worthy of effort, a situation exacerbated in large part by the work-from-anywhere mindset necessitated by the pandemic. A compromised smartphone can be used to obtain or deduce an organization’s secrets and gain illicit access into its most vital systems.

Seen from this light, mobile security is no longer a “nice to have” but an imperative in any security program. Only with a holistic view of the threat landscape can security teams work to both prevent mobile attacks and mitigate the fallout of a compromised mobile device.