Why Mobile Devices Are Now Cybercrime’s Primary Entry Point
Posted: Thursday, Jan 15
Karissa Breen, more commonly known as KB, is crowned a LinkedIn ‘Top Voice in Technology’, and widely recognised across the global cybersecurity industry. A serial entrepreneur, she is the co-founder of the TMFE Group, a portfolio of cybersecurity-focused businesses spanning an industry-leading media platform, a specialist marketing agency, a content production studio, and the executive headhunting firm, MercSec. Now based in the United States, KB oversees US editorial operations and leads the expansion of the group’s media footprint across North America, while maintaining a strong presence in Australia, and the broader global market. She is the former Producer and Host of the streaming show 2Fa.tv, and currently sits at the helm of journalism for the group’s flagship arm, KBI.Media, the independent cybersecurity media company. As a cybersecurity investigative journalist, KB hosts her globally-renowned podcast, KBKast, where she interviews leading cybersecurity practitioners, CISOs, government officials including heads-of-state, and industry pioneers from around the world. The podcast has been downloaded in over 65 countries with more than 400,000 global downloads, influencing billions of dollars in cybersecurity budgets. KB is known for asking the hard questions and extracting real, commercially relevant insights. Her approach provides an uncoloured, strategic lens on the evolving cybersecurity landscape, demystifying complex security issues and translating them into practical intelligence for executives navigating risk, regulation, and rapid technological change.


Most organisations believe their risk is under control. Endpoints are hardened. Networks are monitored. Identity systems are layered and audited. Yet breaches continue and, increasingly, they don’t start where defenders are looking.

Jeff Lindholm, Chief Revenue Officer at Lookout, talks about a shift that has been quietly reshaping cyber risk. Mobile devices, or cell phones, are now the most consistent starting point for credential theft, and most enterprises are still treating them as secondary.

“The vast majority of breaches, at least 60%, initiate with credential theft,” Lindholm says.

Breaches don’t usually begin with sophisticated exploits or perimeter failures. They begin with valid credentials, and those credentials are increasingly harvested from phones.

“It’s really the mobile endpoint that is becoming increasingly popular as the weapon of choice for credential theft,” Lindholm says.

Phones sit at the centre of modern work. They’re always on, always connected, and used in environments where scrutiny drops. Small screens, constant context switching and habitual behaviour combine to create a reliable attack surface.

Attackers aren’t relying on email phishing alone anymore. They’re using AI-generated messages across SMS, collaboration apps, social platforms, QR codes, and even deepfake audio or video.

“There’s much more of the human factor that can be taken advantage of by the bad guys,” Lindholm says.

Cell phones blur personal and professional use. That ambiguity works in the attacker’s favour. A message that might raise suspicion on a laptop often passes on a phone, quickly, casually and without inspection.

Many organisations assume mobile device management (MDM) is enough. It isn’t.

“The MDM is essentially the enforcement point,” Lindholm says, “but if you don’t have the ability to detect things, then having an enforcement point without that insight is useless.”

Control without visibility creates false assurance. Policies can be enforced perfectly while compromise goes unnoticed.

This is compounded by organisational structure. Security teams and mobility teams still operate in silos, one optimising for risk reduction, the other for usability and deployment. Only recently has collaboration increased, driven by the realisation that mobile endpoints represent an expanding attack surface.

Work email on phones was once optional. Today, it’s pretty much assumed.

Messaging apps, QR-based workflows, mobile-first authentication and constant notifications became normal without a corresponding shift in defensive posture.

“That has blasted onto the scene in the last 24 months in a major way,” Lindholm says. “And I don’t think people necessarily predicted that, or are necessarily prepared for that today.”

The result is a security model optimised for laptops, while attackers focus elsewhere.

Even among mature security teams, mobile protection lags.

“There’s a lot of them that are sort of in an underdeveloped state to be properly protected from these mobile endpoint-based attacks,” Lindholm says.

The critical question isn’t whether phones are managed. It’s whether organisations can detect, investigate, and respond to mobile-originated compromise with the same confidence they apply to traditional endpoints.

“Are they really prepared equally well from the onslaught of these mobile endpoint-based attacks as they are with the conventional kind of laptop, desktop kind of attacks?” Lindholm asks.

For most, the honest answer is no.

“The time span where that’s a vulnerable endpoint is really, really long,” Lindholm says.

Phones are always within reach. Always trusted. Always connected. Attackers don’t need advanced exploits when they can reliably trigger urgency, curiosity, or habit.

If the next major breach traces back to someone’s phone, whether that be a text, a QR code, or a convincing message opened between meetings, it won’t be surprising.

Mobile devices are no longer a secondary risk surface. They are the gateway.
