ANN ARBOR—A new report on the growing shift to remote digital work from Duo Security, the Ann Arbor-based IT security firm now part of Cisco Systems Inc., finds a shift away from a widely used type of two-factor authentication, a rise in biometric authentication, and continued growth of cloud-based applications.
Duo officials say the security implications of this transition will reverberate for years to come, as the hybrid workplace demands the workforce to be secure, connected and productive from anywhere.
The 2020 Duo Trusted Access Report details how organizations, with a mandate to rapidly transition their entire workforce to remote, turned to remote access technologies such as virtual private networks (VPN) and remote desktop protocol (RDP), among numerous other efforts. As a result, authentication activity to these technologies swelled 60 percent, helping propel Duo’s monthly authentications from 600 million to 900 million per month. A complementary Cisco survey recently found that 96 percent of organizations made cybersecurity policy changes during the pandemic, with more than half implementing multi-factor authentication.
Cloud adoption also accelerated. Daily authentications to cloud applications surged 40 percent during the first few months of the pandemic, the bulk of which came from enterprise and mid-sized organizations looking to ensure secure access to various cloud services.
As organizations scrambled to acquire the requisite equipment to support remote work, employees relied on personal or unmanaged devices in the interim. Consequently, blocked access attempts due to out-of-date devices skyrocketed 90 oercebt in March. That figure fell precipitously in April, indicating healthier devices and decreased risk of breach due to malware.
“As the pandemic began, the priority for many organizations was keeping the lights on and accepting risk in order to accomplish this end,” said Dave Lewis, global advisory chief information security officer at Duo. “Attention has now turned towards lessening risk by implementing a more mature and modern security approach that accounts for a traditional corporate perimeter that has been completely upended.”
Report findings also include:
- So Long, SMS—The prevalence of SIM-swapping attacks has driven organizations to strengthen their authentication schemes. Year-over-year, the percentage of organizations that enforce a policy to disallow text messaging authentication nearly doubled from 8.7 percent to 16.1 percent.
- Biometrics Booming—Biometrics are nearly ubiquitous across enterprise users, paving the way for a passwordless future. Eighty percent of mobile devices used for work have biometrics configured, up 12 percent the past five years.
- Cloud Apps on Pace to Pass On-Premises Apps—Use of cloud apps are on pace to surpass use of on-premises apps by next year, accelerated by the shift to remote work. Cloud applications make up 13.2 percent of total Duo authentications, a 5.4 percent increase year-over-year, while on-premises applications encompass 18.5 percent of total authentications, down 1.5 percent since last year.
- Apple Devices 3.5 times More Likely to Update Quickly vs. Android—Ecosystem differences have security consequences. On June 1, Apple iOS and Android both issued software updates to patch critical vulnerabilities in their respective operating systems. iOS devices were 3.5 times more likely to be updated within 30 days of a security update or patch, compared to Android.
- Windows 7 Lingers in Healthcare Despite Security Risks—More than 30 percent of Windows devices in healthcare organizations still run Windows 7, despite end-of-life status, compared with 10 percent of organizations across Duo’s customer base. Healthcare providers are often unable to update deprecated operating systems due to compliance requirements and restrictive terms and conditions of third-party software vendors.
- Windows Devices, Chrome Browser Dominate Business IT—Windows continues its dominance in the enterprise, accounting for 59 percent of devices used to access protected applications, followed by Mac OS X at 23 percent. Overall, mobile devices account for 15 percent of corporate access (iOS: 11.4 percent, Android: 3.7 percent). On the browser side, Chrome is king with 44 percent of total browser authentications, resulting in stronger security hygiene overall for organizations.
- UK and EU Trail US in Securing Cloud—United Kingdom and European Union-based organizations trail US-based enterprises in user authentications to cloud applications, signaling less cloud use overall or a larger share of applications not protected by MFA.
The annual Duo Trusted Access Report examines 26 million devices used for work and 700 million user authentication events per month to more than 500,000 unique corporate applications, based on de-identified and aggregated data from Duo’s customer base. To view the report, please visit http://duo.sc/tar-2020. Duo has more than 25,000 customers across the world, including Facebook, Lyft, the University of Michigan, Yelp, Zillow and more. Founded in Ann Arbor, Duo has offices in Austin, Texas; San Francisco, Calif.; and London.
Cisco (NASDAQ: CSCO) acquired Duo for $2.35 billion in 2018. More at www.cisco.com.