
The Cybersecurity threat you’re missing

By Peter Matthews, CEO, Metro Communications

Threats to corporate data security are not confined to static computer hardware. But despite high profile cases of mobile phone interception, vulnerabilities generated by voice conversations are still being seriously underestimated throughout the finance industry.

A survey of asset management and investment companies by Wandera found that just one sixth of businesses protect their company mobile phones. Interestingly, it also warned that staff were three times more likely to succumb to phishing attacks on their mobiles than on their desktops. Why?

Perhaps it is because spoken words have no physical form or something to do with the way we respond to a familiar voice, but in my experience, people tend to be less guarded when they communicate over the phone. If emails are private, phone calls are personal. If emails are black and white, phone conversations are colour; the places where we share opinions, exchange confidences and explore issues in-depth.

When we send an email we describe it as travelling across cyberspace. When we’re on the phone, our reference point isn’t ‘the ether’ but the individual or individuals we’re speaking with (and physically seeing during a video conferencing call). This sense of informality and privacy is the next best thing to talking face to face, and it leads to unguarded conversations that can be highly lucrative to hackers.

We may never know how much information was gleaned from the alleged attempted hacking of phones belonging to Qatar’s Emir, Sheikh Tamim bin Hamad Al Thani, and Saudi Prince Mutaib bin Abdullah, reported last month by the New York Times, but the Pegasus spyware implicated in the attack is reported to cost $500,000 to install and $65,000 for each target. The government agencies who buy it, and the disgruntled member of staff who reportedly attempted to sell the stolen code on the dark web for $50 million, clearly think it’s worth the investment.

Businesses need to remember that:

  • conversation is data transfer, equivalent to sending a file explaining what you are planning and doing, where, when and with whom
  • information is currency, pure gold to hackers seeking to impersonate an individual and exploit their location, business dealings, contacts and relationships
  • mobile phones are entry points, and hackers will take advantage of the weakest link to infiltrate computer systems
  • mobile devices are part of the IT estate, even if you operate a bring your own device (BYOD) policy
  • where there is data there is risk, don’t equate the size of the device with the size of the risk 

Mobile devices are places where personal and business data mingle, creating additional layers of vulnerability. An estimated 10% of employees download and play games on their corporate devices on a daily basis. In order to do so they unlock their phone’s front doors to let the visiting app in and many leave it permanently open, making it easier for hackers to install eavesdropping malware that might not be detected for years, if at all.

While no business leader or cyber security information officer would ever suggest that ‘big cyber’ causes major problems while portable devices are a low-risk speck in their peripheral vision, it is certainly the case that investment in cyber security tends to focus on protecting an organisation’s large, static computer hardware whilst mobile devices remain unprotected.

Every organisation owes a duty of care towards its data. This obligation links responsibilities to customers, employees, shareholders, partners and everyone in between and it means that businesses have a responsibility to promote a security culture, not a blame culture.

Secure mobile phone communications should be a standard part of a multi-layered and wide-ranging response to cyber security. Raising awareness and understanding human behaviour is a vital part of this.

Where staff have unlimited minutes and data on their work mobiles they may see no harm in visiting unsecured websites, connecting over untrusted WiFi or downloading gaming and gambling apps from unknown sources. Ensure they are aware of the risks and take action to secure confidential communications held on mobile phones, including video conferencing. Consider acceptable use policies, enterprise management solutions (including so-called ‘agentless’ solutions), regular phishing exercises and secure communications apps.

Cyber security is ultimately about data, not devices. However, devices are important points of entry and some are routinely overlooked. We might be using our mobile phones less to speak and more to text on a personal level, but remote working and international business groups mean that the business voice and conference calls are alive and kicking.

Much of what has been written about the psychology of cyber security focuses on the techniques used by hackers to manipulate their targets into doing things they otherwise wouldn’t do, such as clicking on phishing emails. But once they have access, hackers are increasingly taking advantage of something that comes naturally to us: speaking openly on our mobile phones. It doesn’t pay to have a blind spot. 

For more advice about how to protect your mobile phone conversations, contact Metro Communications.

Global Banking & Finance Review
