Mobile devices and browsers are an enticing target for cyber attackers looking to exploit zero days and conduct socially engineered phishing attacks, yet in many organizations, mobile security is treated like a second-class citizen. Today we announced an industry first by extending our cloud based SWG to include web isolation for mobile devices. This new offering is designed to eliminate the threat of malware and phishing attacks when users are accessing the internet and email from their smartphones and tablets.
We’re committed to securing work where it happens, and our mobile isolation capability extends the same protection for the PC to smartphones and tablets, securing today’s modern workforce.
With mobile device usage continuing to grow in the enterprise the security risk has increased accordingly:
Browser vulnerabilities: Web browsers are increasingly being used to access new applications and cloud resources. This makes web browsers a significant target for attackers to exploit and gain a foothold in the enterprise. Recent research published by Menlo Labs showed how 83 percent of browsers were not patched within 30 days by enterprises after a Chrome update. Because mobile browsers are updated less frequently than desktop browsers, Menlo Labs anticipates the same problem with mobile devices. Two recent bugs fixed by Apple and Google on their web browsers that were actively exploited in the wild are leading indicators of the increasing focus on mobile browsers.
Phishing: According to industry research, the surge in remote work has increased mobile phishing attacks by 37 percent globally and 66 percent in North America alone. The report found that unmitigated mobile phishing threats could cost organizations with 10,000 mobile devices as much as $35 million per incident, and up to $150 million for organizations with 50,000 mobile devices.
Malicious document download: Malicious file downloads on mobile devices are another area of risk. File-based threats are occurring with greater frequency and higher success rates as threat actors have continued to hone and adapt their social engineering and spear phishing skills to fit today’s trends, including the use of mobile browsers. Consider that hundreds of millions of users are now working remotely and relying on Software as a Service (SaaS) platforms and rich web apps to improve mobility and productivity. As a result, mission-critical files and documents increasingly live outside the corporate firewall, unprotected by the organization’s security policies and controls.
The new mobile isolation offering provides the same benefits of Menlo Security’s traditional isolation solution for desktop computers, including Data Loss Prevention (DLP), read-only phishing protection, and download controls. Additionally, all links sent in mobile applications will be opened in the default browser where there are read-only protections.
The Menlo Security Secure Web Gateway with Isolation Core solution supports Apple iOS, Apple iPadOS, and Google Android operating systems and will integrate directly with the default Safari, Chrome, and Samsung browsers.
 2020 Lookout Mobile Phishing Report