French companies invest millions of euros every year in cybersecurity: next-generation firewalls, EDR solutions, employee training, regular audits, etc. However, one critical aspect still too often escapes their attention: their employees' work and personal smartphones. And cybercriminals are well aware of this.
The stats show it: mobile phishing attacks have gone up by 40%*, taking advantage of specific vulnerabilities in mobile operating systems and apps. This increase is a worrying trend for french businesses.
*Source : Trend Micro - "Top 15 Phishing Stats to Know in 2024"
The answer lies in several technical and behavioural factors:
1/ Firstly, the reduced screen size of smartphones makes it more difficult to detect signs of phishing. Shortened URLs, the inability to hover links with the mouse, and truncated email addresses make phishing much easier. On mobile devices, users often only see ‘support@apple...’ without being able to check the full domain name.
2/ Secondly, smartphones constantly blur the lines between personal and professional use. An employee who checks work emails on their personal phone while scrolling through social media or replying to text messages naturally lowers their guard. This porosity between private and professional spheres creates ideal opportunities for attackers.
3/ Finally, unlike company devices, which are generally well protected, smartphones rarely benefit from the same level of security. There is no systematic antivirus software, no advanced web filtering, and often third-party applications installed without IT control.
💡 A study also reveals that mobile device users are facing a phishing attack rate that is 25 to 40 per cent* higher than users of desktop devices. *Source : Keepnet Labs (2024) - "2025 Phishing Statistics"
Wondering if your company is sufficiently protected ? Discover how bconnex can protect your mobile fleet using solutions tailored to your needs.
Attacks targeting mobile devices are not merely a theoretical threat. They have recently caused devastating losses for several large companies.
In 2025, several major international groups suffered major cyberattacks initiated through account and access compromise tactics, affecting their IT systems and supply chains in particular. These incidents revealed how a security breach, often initiated by social engineering techniques targeting IT teams via multiple communication channels, can paralyse an entire industrial ecosystem.
▶ What is social engineering ?
Social engineering refers to the set of psychological manipulation techniques used by cybercriminals to trick their victims into divulging confidential information or performing compromising actions. Unlike purely technical attacks, social engineering exploits trust, urgency or fear to bypass security measures. A phone call from a fake technical support representative, an urgent text message asking you to ‘verify your account’, or a LinkedIn message from a supposed recruiter are all popular methods used on mobile devices.
🚘 In the automobile industry, an attack led to a complete halt in production for several weeks. The estimated losses for the company were between $1.2 billion and $1.9 billion, representing more than 50% of the previous year's net profit. The impact was so severe that it affected the country's GDP, with thousands of jobs threatened and the supply chain severely disrupted.
Countless real-life cases demonstrate that mobile devices and poorly secured access points are now the weak link of information systems, even for companies with substantial cybersecurity budgets. A simple compromise of credentials through social engineering can turn into an industrial and financial disaster.
These attacks do not only affect large international groups. Cybercriminals now target all businesses, regardless of their size. French mid-sized companies and SMEs are also experiencing increasingly sophisticated cyberattacks, with impacts that can compromise their business continuity. Size no longer provides protection: the same vulnerabilities – insufficiently protected mobile devices, unclear BYOD policies, lack of access monitoring – expose all organisations to the same risks.
The widespread adoption of remote working and BYOD (Bring Your Own Device) practices has profoundly transformed the corporate cybersecurity landscape. This has created several critical vulnerabilities :
You can find more information about it :
Cyberattacks are not just minor technical inconveniences. They have major, measurable repercussions on the activities of French companies.
📊 ANSSI, the French National Cybersecurity Agency, handled 4,386 security incidents in 2024, representing a 15% increase compared to 2023*. This spike reflects not only the intensification of attacks, but also the proliferation of entry points via inadequately secured devices. *Source: ANSSI (2025) - ‘Panorama of cyber threats 2024’
Direct and indirect costs are considerable. Beyond immediate technical remediation, businesses must deal with business interruption, sometimes lasting several days. Impacts include revenue loss during the incident, data recovery costs, reputational damage, and potentially regulatory penalties.
CNIL received 5,629 notifications of data breaches in 2024, an increase of 20% compared to 2023. Each breach detected can result in financial penalties of up to 4% of the company's global annual turnover.* (French National Agency regulating Data Protection)
Sectors that are particularly exposed include healthcare, finance, law firms and accountancy firms, as well as all companies that handle personal data on a large scale.
*Source: CNIL (2025) - ‘2024 Annual Report - CNIL (2025) - ’Massive data breaches in 2024: what are the main lessons learned and measures to be taken?"
Given these growing threats, companies can no longer settle for partial solutions. Securing the mobile fleet requires a global and modern approach.
Mobile Device Management (MDM) solutions are an essential component of any mobile security strategy. They enable effective configuration management, application deployment, security policy enforcement and control over access to corporate resources. Without MDM, it is impossible to have a clear overview of your mobile fleet.
However, given the evolution of threats, MDMs alone are no longer sufficient to guarantee complete protection. They excel at management and control, but need to be supplemented with additional layers of security :
This is why a modern approach combines MDM and Mobile Endpoint Security: MDM provides governance and control, while a mobile security solution provides detection and protection against advanced threats.
Given the explosion of mobile phishing, companies can adopt a Mobile Endpoint Security strategy that goes beyond simple configuration control. This approach is based on several key pillars:
1. Real-time threat detection 🔍
A modern solution must instantly identify and block specific mobile threats: SMS phishing (smishing), malware apps even from official app stores, dangerous links in instant messaging apps (WhatsApp, Teams, Slack, etc.), and connections to compromised WiFi networks.
2. Privacy in a BYOD environment 💻
Unlike invasive approaches, current solutions protect corporate data without monitoring personal use of the device. This separation is crucial for employee acceptance and GDPR compliance.
3. Integration into a Zero Trust framework ✅
Mobile security must be part of a global Zero Trust strategy, where every device is continuously verified before accessing corporate resources, regardless of its location.
4. Artificial intelligence and machine learning 🚀
New generations of solutions use AI to detect emerging threats even before they are referenced in traditional signature databases. This predictive approach is essential to counter attackers who are constantly updating their techniques.
As a concrete example of this modern approach, let's take Lookout, a leading solution in the field of mobile security for businesses, which we supply and manage for our customers at bconnex.
At bconnex, we don't just provide you with a Lookout licence: we take care of the whole management of the solution for you. From initial configuration to monitoring, security policy optimisation and incident response, our team take complete control of your mobile security. This means you get maximum protection without having to use your internal IT resources.
Lookout stands out thanks to several technical capabilities that are particularly well suited to today's challenges:
🛡️ Multi-channel anti-phishing protection. It detects and blocks phishing attempts across all attack vectors: emails, text messages, messaging apps, social media, and web browsing. Given the rise in mobile phishing, this exhaustive coverage has become essential.
🧑💻 Privacy-friendly BYOD compatibility. Lookout secures personal devices without accessing users' private data. Employees retain their privacy while the company protects its sensitive data, a crucial balance for the solution's adoption.
✅ Simplified deployment. Unlike complex solutions that require manual configuration, Lookout offers one-touch deployment, which greatly simplifies large-scale deployment.
🚀 Predictive intelligence based on AI. The solution relies on data from millions of devices worldwide to train its detection algorithms. This massive database makes it possible to identify new threats before they spread widely.
💪 Integration with existing ecosystems. Lookout is natively integrated with leading Unified Endpoint Management (UEM) solutions, Zero Trust systems, and SIEMs for a centralised view of security.
🔗 Lookout + Mobilehub: a powerful pairing for your mobile fleet
Lookout also integrates with Mobilehub, our SaaS IT fleet management software. This integration allows you to centralise the management and security of your mobile fleet within a single interface.
Beyond technology, securing mobile devices requires a structured organisational approach. Here are the priority actions to implement:
1/ Establish a clear BYOD policy
Define precisely what is permitted and what is not: what types of devices can access company data, which applications are approved, what are the minimum security requirements (OS version, encryption, PIN code, etc.). This policy must be documented, clearly communicated, and formally accepted by each employee.
2/ Raise awareness specifically about mobile threats
Cybersecurity training can no longer be limited to desktop threats. Organize sessions dedicated to mobile risks: how to identify a phishing text message, why you should never connect to unsecured public Wi-Fi to access company data, how to verify the legitimacy of an application before downloading it.
3/ Implementing a Mobile Endpoint Security solution
As we have seen, MDMs alone are no longer sufficient. Invest in a complete mobile threat detection and response solution that protects against phishing, malware, and network attacks in real time.
4/ Enforce multi-factor authentication (MFA)
MFA must be mandatory for all access to company resources from a mobile device. Prioritise phishing-resistant methods such as physical security keys or biometric authentication, rather than simple SMS codes.
5/ Adopting Zero Trust architecture
Integrate mobile devices into your Zero Trust strategy: continuous verification of each device's security status, conditional access based on risk level, context-based access segmentation. No device should be considered trustworthy by default, even if it belongs to the company.
6/ Establish continuous monitoring
Deploy monitoring tools that can quickly detect abnormal behavior: connections from unusual locations, repeated access attempts, massive data downloads. Early detection can make the difference between a minor incident and a major breach.
7/ Prepare a mobile incident response plan
Document the procedures to follow in the event of a mobile device being compromised: how to isolate the device from the corporate network, how to remotely wipe sensitive data, who to contact, how to communicate with the employee concerned. A clear plan enables a quick and effective response.
Smartphones and poorly secured access points have become weak links in corporate cybersecurity, precisely because they have long been neglected in protection strategies. Cybercriminals have understood this and are exploiting this vulnerability on a massive scale, as evidenced by recent major attacks that have paralysed international companies for weeks.
However, solutions do exist. By combining modern technology (Mobile Endpoint Security), clear governance (formalised BYOD policy), targeted awareness, and Zero Trust architecture, companies can regain control of their mobile security.
With a steady rise in cyberattacks and their increasing costs, inaction is no longer an option. Every day without adequate mobile protection exposes your business to major risks: data theft, business interruption, regulatory penalties, and reputational damage.
Contact bconnex group for a free audit of your mobile security posture and discover how to effectively protect your business against mobile threats.
