Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

11/10/2020
03:10 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
100%
0%

Cloud Usage, Biometrics Surge As Remote Work Grows Permanent

A new report reveals organizations are increasing their adoption of biometric authentication and disallowing SMS as a login method.

The rapid, and in some cases permanent, shift to remote work forced organizations to swiftly adopt cloud services and rethink how they protect corporate data. Researchers report spikes in cloud application authentication, devices with biometrics enabled, and device-based policies.

Related Content:

Digital Transformation Means Security Must Also Transform

The Changing Face of Threat Intelligence

New on The Edge: The Double-Edged Sword of Cybersecurity Insurance

Dave Lewis, global advisory CISO for Cisco's Duo Security, elaborates on shifts in organizations' authentication choices. More than 80% of active customer devices have biometrics enabled, and total devices with biometrics rose 64%. At the same time, the number of companies with policies to disallow SMS-based authentication increased by 7.4%, marking an 85% increase in the number of businesses banning SMS as an authentication method between 2019 and 2020.

"It's definitely been a push this year, and I think a lot of that is driven out of the fact that we have so many organizations being remote now and for the foreseeable future – for the next year or so at least – and they're taking time to reassess where they are," Lewis explains. CISOs have shifted away from static passwords, towards multifactor authentication and biometrics.

Some security leaders face groups of employees who push back, he notes, but often these challenges fade once people start using new forms of authentication.

"A lot of the CISOs are saying the big problems are not deploying MFA, but deploying it across the enterprise," Lewis says. "There are multiple aspects to every enterprise that we have to take into consideration, different business units, and navigating that internally and trying to win over allies within the business is where they have to spend more time to win support."

The pandemic also drove a surge in cloud adoption, an initiative most businesses had begun but were forced to accelerate. Researchers found the average number of daily authentications to cloud apps jumped 40%, an increase at least partly driven by the pandemic. Organizations had little time to reach that level of maturity and consolidate and streamline their operations.

Part of this consolidation involves bringing together services across geographies, Lewis says. Many businesses have a global footprint and a support structure broken down by location, so, for example, each country has its own email support system. Now they want to implement a single approach across the board so they don't have "a disparate hodgepodge of systems" cobbled together under one banner, he adds.

Buckling Down on Updating Remote Devices
During the first three weeks of March, authentication failures due to outdated devices grew 90.5%, according to the annual Duo Trusted Access Report. Many users accessed corporate data and applications from their own unmanaged devices during the initial shift to remote work; if their devices hadn't been updated recently, they were more likely to fall outside corporate policy.

The corporate device policies that most commonly led to failed logins were location-restricted (29.7%), invalid device (22.6%), out-of-date device (14.8%), and no screen lock (9.6%). Most often, restricted countries were Russia (70%), China (68%), North Korea (42%), and Iran (37%).

A closer look at the types of devices people used this year revealed interesting trends. At the top was Windows (59%), followed by OS X (23.5%), iOS (11.4%), Android (3.7%), and Linux (1.2%). iOS was the most popular on mobile (69.9%), followed by Android (30%). Researchers note 10% of Windows businesses still use Windows 7, despite its end of life in January 2020.

Windows 7 usage varies by industry. Healthcare has more than 30% of Windows devices using the outdated OS; the transportation sector has 37%. Industries such as telecom, business, technology, and computers and electronics report more than 90% of devices run Windows 10.

The differences are visible on a broader level as well: Industries with the most up-to-date devices include computers and electronics (72.1% updated), technology (67.1%), business services (65.5%), IT services (65.4%), and agriculture and mining (64.1%). Those with the most out-of-date devices include transportation and storage (49.3%), K-12 education (47%), legal services (46.2%), healthcare (45.6%), and higher education (44.5%).

Overall, Lewis points to a "great deal more control" being used across employee devices. CISOs are focused on ensuring device inventory is current, or as close to current as possible, as well as monitoring systems for anomalous behavior. It's not only essential for them to conduct device posture assessments, but to do them with more urgency than they did in the past. Home office security varies from house to house, and most people don't secure home networks, he adds.

"Your perimeter used to be the firewall and the moat and the castle walls. It's really now about anywhere an access decision can be made," Lewis explains. Now, those decisions are being made on networks that aren't as secure as their previous corporate environment, and IT security pros are responding by taking a closer look at device activity, policies, and restrictions.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-23727
PUBLISHED: 2020-12-03
There is a local denial of service vulnerability in the Antiy Zhijia Terminal Defense System 5.0.2.10121559 and an attacker can cause a computer crash (BSOD).
CVE-2020-28175
PUBLISHED: 2020-12-03
There is a local privilege escalation vulnerability in Alfredo Milani Comparetti SpeedFan 4.52. Attackers can use constructed programs to increase user privileges
CVE-2020-13524
PUBLISHED: 2020-12-03
An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim n...
CVE-2020-13525
PUBLISHED: 2020-12-03
The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-23726
PUBLISHED: 2020-12-03
There is a local denial of service vulnerability in Wise Care 365 5.5.4, attackers can cause computer crash (BSOD).