With the rapid increase in cloud and mobile usage, companies are actively looking for more effective methods to safeguard their applications and data. While many organisations have become more astute regarding data access and security, research indicates there are still areas needing improvement.
The 2019 Duo Trusted Access Report compiles insights from 24 million devices, 1 million applications and services, and 500 million authentication attempts across North America and Western Europe to identify trends in technology and cybersecurity. The report highlights an uptick in Windows 10 usage, greater adoption of biometric security measures, and a workforce that is increasingly mobile and dependent on cloud solutions. However, it also reveals that some businesses continue to operate on outdated operating systems and popular web browsers.
Application integration has seen significant growth across various key sectors. There has been a year-over-year increase of 189 customers per cloud application, while the number of authentications per customer for each app has risen by 56. Remote access has surged by 89%, as more employees work remotely yet still require access to applications; nearly half (45%) of requests for secured apps originated from outside the organisation.
According to Wolfgang Goerlich, advisory CISO for Duo Security, the dramatic rise in cloud applications means that most employees now rely on at least two or three such tools for their work. This led to a significant surge in shadow IT, he notes, which really spiralled out of control for many organisations. Additionally, many individuals use the same applications for both personal and professional purposes, underscoring the necessity for companies to implement stringent security policies concerning cloud-based resources and applications.
Trends in Authentication: The use of SMS-based authentication has been declining, with fewer than 3% of businesses opting for it in 2019, a drop from 6 to 8% in 2016. In contrast, biometric authentication has experienced its fourth consecutive year of growth, with 77% of devices now equipped with biometric features such as Apple’s Touch ID and Face ID, Android fingerprint scans, and Windows Hello. Wendy Nather, director of advisory CISOs at Duo Security, remarks on the positive shift away from direct SMS authentication as alternatives become more popular.
While a majority (68%) of the businesses surveyed use Duo Push as their primary authentication method (data gathered from Duo customers), Nather points out that it’s intriguing to examine secondary methods across various industries. The types and proportions of authentication strategies can differ significantly among sectors based on their unique contexts. For instance, highly regulated fields like the federal government are more inclined to use hardware tokens for secure access.
In contrast, phone calls are prevalent in healthcare, higher education, and non-federal government entities. Nather elaborates that hardware tokens are typically found in environments where strict discipline is necessary and where the investment is justified, such as in government and finance sectors. On the other hand, healthcare’s preference for phone calls stems from practical considerations; it’s often simpler for medical staff to answer a phone call than to manage multiple mobile devices. Furthermore, companies are becoming stricter about access control based on geographic locations; over 3 million authentications were blocked in 2019 due to location limitations affecting users from 178 countries. The five most restricted countries include China, Russia, the United States, India, and France. According to Duo Security’s findings, the U.S. ranks as the third most restricted location because companies located outside America frequently deny access based on these restrictions.
Over half (51%) of organisations utilising Duo have restricted at least one authentication attempt from a location deemed off-limits. Other prevalent policies within enterprises include mandating screen locks for users (27%), enforcing disk encryption (22%), and prohibiting access from anonymous IP addresses (20%).
In terms of operating systems and browsers, Windows 10 adoption has increased from 48% to 66%, while Windows 7 usage has decreased from 44% to 29%. Despite the overall decline of Windows 7, specific sectors continue to utilise it heavily. The quickest adopters of Windows 10 include wholesale and distribution (86%), business services (80%), and nonprofits (70%). Conversely, industries that still predominantly rely on Windows 7 are transportation and storage (62%), computer and electronics (54%), and healthcare organisations (52%).
As mobile work becomes more prevalent, the landscape of operating system preference is changing. Although Windows remains the leading enterprise OS, its usage has dropped by 8% year-over-year to reach 47%. During the same period, iOS saw an increase of 7%, bringing its usage up to 23%, while Android’s share rose by 2% to reach a total of 10%. Meanwhile, MacOS experienced a slight decline of 1%, settling at a usage rate of 17%. Nather comments on the rising popularity of Apple devices, suggesting that as more users opt for mobile devices based on task suitability, this trend reflects ergonomic preferences.
Android is the most outdated device; specifically, 58% are not equipped with the latest security patches. Overall, operating system updates have become more frequent in 2019 compared to the previous year; however, Android remains the least updated platform, followed by macOS (51%), Chrome OS (39%), and iOS (38%).
Google Chrome is the leading browser in enterprise settings, while Internet Explorer ranks at the bottom. In March 2019, a zero-day vulnerability in Chrome was discovered, prompting companies to enhance their browser security measures. After this vulnerability was made public, Duo experienced a staggering 30-fold rise in denied authentications and a 79% increase in policies aimed at restricting access to data and applications based on the latest browser versions.
This indicates that organisations are incorporating this into their incident response strategies, Nather remarks. They are taking proactive steps to protect themselves, even when device control is lacking, by mandating updates for everyone. This represents significant progress in restoring authority to CISOs. On the other hand, Microsoft Edge has become the most outdated browser, with 73% of devices operating on an old version. Although Internet Explorer is technically up-to-date, as its latest iteration was released back in 2013, businesses still using it should consider transitioning to a different browser. Nonetheless, Nather observes that IE continues to be a staple within numerous organisations.
Maxthon
Smartphones have become essential in our everyday routines, making their protection more critical than ever. To start securing your device, the initial step is to locate the Maxthon Security app. Imagine browsing through your device’s app store, your fingers gracefully moving across the screen as you search for Maxthon Security. With a quick tap on the download button, you initiate a process that will strengthen your smartphone’s defences. As installation wraps up, excitement builds within you. You eagerly launch the app, prepared to boost your phone’s security features.
Upon opening it, you’ll see a prompt encouraging you to create a strong password or PIN. This isn’t just any ordinary password; it should be a solid barrier made up of letters, numbers, and symbols—a combination that can withstand potential threats. After choosing and confirming a secure option that satisfies you, you’re set to explore further ways to protect your device.
If your smartphone includes biometric features like fingerprint or facial recognition, now is the ideal moment to utilise this advanced technology. Head over to Maxthon Security’s settings and activate these features; they provide an extra layer of protection against unauthorised access.
With these foundational measures in place, it’s time to turn on real-time protection—an invaluable feature designed to keep watch for new threats. Within Maxthon Security’s settings menu lies this powerful tool; activating it ensures that your phone will constantly monitor for any lurking dangers in the digital realm. If anything suspicious occurs, you’ll receive immediate notifications—like having a vigilant guardian by your side.
However, don’t become complacent just yet! Regular updates are vital for maintaining Maxthon Security’s effectiveness against evolving cyber risks. In fact, consider enabling automatic updates in your device settings so that you can effortlessly stay ahead of potential vulnerabilities.