As information technology underwent unprecedented change this year as remote work became the norm due to COVID-19, the shift accelerated the adoption of cloud services and the assurance that online communications are secure, connected, and productive from anywhere.
To gain more insight in digital changes caused by the pandemic, Ann Arbor’s Duo Security, part of California’s Cisco (which has offices in Southfield and Grand Rapids), has released its 2020 Duo Trusted Access Report, which details how organizations turned to technologies such as virtual private networks (VPNs), remote desktop protocol (RDP), and more.
Duo reports authenticity activity to these technologies swelled 60 percent, helping propel the company’s monthly authentications to 900 million from 600 million per month.
In turn, Cisco reports 96 percent of organizations made cybersecurity policy changes during the pandemic, with more than half implementing multi-factor authentication, while daily authentications to cloud applications surged 40 percent during the first few months of the pandemic. Most came from enterprise and mid-sized organizations looking to ensure access to cloud services.
As organizations scrambled to acquire the equipment to support remote work, employees relied on personal or unmanaged devices in the interim. Consequently, blocked access attempts due to out-of-date devices increased 90 percent in March. The figure fell in April, indicating healthier devices and decreased risk of breach due to malware.
“As the pandemic began, the priority for many organizations was keeping the lights on and accepting risk in order to accomplish this end,” says Dave Lewis, global advisory of CISO (chief information security officer), Duo Security at Cisco. “Attention has now turned towards lessening risk by implementing a more mature and modern security approach that accounts for a traditional corporate perimeter that has been completely upended.”
According to the report, the prevalence of SIM-swapping attacks has driven the organizations to strengthen their authentication schemes. What’s more, year-over-year, the percentage or organizations that enforce a policy to disallow SMS authentication nearly doubled from 8.7 percent to 16.1 percent.
Biometrics also are nearly ubiquitous across enterprise users, paving the way for a passwordless future; 80 percent of mobile devices used for work have biometrics configured, up 12 percent the past five years.
Other report highlights include:
The use of cloud apps are on pace to surpass the use of on-premises apps by next year, accelerated by the shift to remote work. Cloud applications make up 13.2 percent of total Duo authentications, a 5.4 percent increase year-over-year, while on-premises applications encompass 18.5 percent of total authentications, down 1.5 percent since last year.
Apple devices are 3.5 times more likely to update quickly compared to Android. Ecosystem differences have security consequences. On June 1, Apple iOS and Android both issued software updates to patch critical vulnerabilities in their respective operating systems. iOS devices were 3.5 times more likely to be updated within 30 days of a security update or patch.
More than 30 percent of Windows devices in health care organizations still run Windows 7, despite end-of-life status, compared to 10 percent of organizations across Duo’s customer base. Health care providers are often unable to update deprecated operating systems due to compliance requirements and restrictive terms and conditions of third party software vendors.
Windows continues its dominance in the enterprise, accounting for 59 percent of devices used to access protected applications, followed by Mac OS X at 23 percent. Overall, mobile devices account for 15 percent of corporate access (iOS is 11.4 percent and Android is 3.7 percent). On the browser side, Chrome is king with 44 percent of total browser authentications, resulting in stronger security hygiene overall for organizations.
The United Kingdom and European Union-based organizations trail U.S.-based enterprises in user authentications to cloud applications, signaling less cloud use overall or a larger share of applications not protected by multi-factor authentication.
The full report is available for download here. The annual study details the security state of thousands of organizations, examining 26 million devices used for work and 700 million user authentication events per month.
Duo Security is part of Cisco and is a multi-factor authentication and secure access provider. Cisco offers technology that powers the internet.