Why Mobile Security Can’t Be an Afterthought

Think about everything on your smartphone or tablet right now: your email, your banking app, Microsoft 365, client communications, multifactor authentication codes, and a direct line into your company’s cloud systems.

Now ask yourself — how seriously are you protecting it?

For most New Zealand businesses, mobile devices remain one of the biggest blind spots in their cybersecurity strategy. Yet the evidence is clear: attackers know this, and they’re exploiting it.

The Scale of the Problem Is Growing Fast

Mobile threats are surging at an alarming rate. According to Kaspersky, there were 29% more attacks on Android smartphone users in the first half of 2025 compared to the same period in 2024, and 48% more compared to the second half of 2024. Meanwhile, Lookout’s 2024 Annual Mobile Threat Report found that threat actors, from nation-states to individual criminals, are increasingly targeting mobile devices as their first point of attack, using them as a gateway to infiltrate corporate cloud systems.

And it’s not just Android users who need to worry. In 2024, 26% of iOS devices were targeted by phishing attacks, compared to 12% of Android devices, meaning Apple’s walled garden offers less protection than many people assume when it comes to social engineering and credential theft.

Closer to home, New Zealanders lost an estimated $1.6 billion to online threats in 2024, with 54% of adult New Zealanders having experienced an online threat in the last six months of the year. Phone calls accounted for 46% of threat delivery, and text messages 35%.

No Operating System Is Immune

A common misconception is that iPhones are inherently safe and that threats primarily target Android. The reality is more nuanced. In early 2024, researchers discovered “SparkCat” malware embedded in apps on both Google Play and Apple’s App Store — marking the first known OCR malware to infiltrate Apple’s official marketplace. Both stores removed the infected apps in February 2025, but telemetry data showed the malware continued spreading through unofficial sources.

On the Android side, the number of mobile banking trojans detected in the first half of 2025 was nearly four times higher than in the first half of 2024, with criminals disguising malware as legitimate apps including calculators, banking tools, and reward programs.

Outdated Devices Are Open Doors

One of the simplest and most overlooked risks is failing to keep devices updated. In Q4 2024, 17.23% of Android devices were running an operating system version no longer receiving security updates, and 44% of iPhones do not have automatic updates enabled. Every unpatched device is an open invitation.

According to Verizon’s 2025 Mobile Security Index, 63% of organisations suffered significant repercussions from mobile-related downtime, up from 47% in 2024. That’s not a peripheral problem; it’s a mainstream business risk.

What Good Mobile Security Looks Like

Protecting mobile devices isn’t just about installing an antivirus app. A strategic approach includes:

  • Mobile Device Management (MDM): Enforcing security policies across all company and employee-owned devices
  • Endpoint Detection and Response (EDR): Detecting threats at the device level before they escalate
  • MFA app-based authentication: Moving away from SMS-based codes, which are increasingly intercepted
  • Regular patching policies: Ensuring operating systems and apps are updated consistently
  • User awareness training: Teaching staff to recognise smishing, vishing, and social engineering attempts

At Kinetics, mobile security is integrated into our KARE Foundation service, not bolted on as an afterthought. We help businesses build a consistent, policy-driven approach to mobile protection that covers both company-managed and bring-your-own-device (BYOD) environments. Your mobile devices just have to be included in your KARE cyber-security contract.

Your mobile devices are endpoints just like any server or workstation. It’s time to treat them that way.