
11/10/2020
03:10 PM

Cloud Usage, Biometrics Surge As Remote Work Grows Permanent

A new report reveals organizations are increasing their adoption of biometric authentication and disallowing SMS as a login method.

The rapid, and in some cases permanent, shift to remote work forced organizations to swiftly adopt cloud services and rethink how they protect corporate data. Researchers report spikes in cloud application authentication, devices with biometrics enabled, and device-based policies.

Dave Lewis, global advisory CISO for Cisco's Duo Security, elaborates on shifts in organizations' authentication choices. More than 80% of active customer devices have biometrics enabled, and total devices with biometrics rose 64%. At the same time, the number of companies with policies to disallow SMS-based authentication increased by 7.4%, marking an 85% increase in the number of businesses banning SMS as an authentication method between 2019 and 2020.

"It's definitely been a push this year, and I think a lot of that is driven out of the fact that we have so many organizations being remote now and for the foreseeable future – for the next year or so at least – and they're taking time to reassess where they are," Lewis explains. CISOs have shifted away from static passwords, towards multifactor authentication and biometrics.

Some security leaders face groups of employees who push back, he notes, but often these challenges fade once people start using new forms of authentication.

"A lot of the CISOs are saying the big problems are not deploying MFA, but deploying it across the enterprise," Lewis says. "There are multiple aspects to every enterprise that we have to take into consideration, different business units, and navigating that internally and trying to win over allies within the business is where they have to spend more time to win support."

The pandemic also drove a surge in cloud adoption, an initiative most businesses had begun but were forced to accelerate. Researchers found the average number of daily authentications to cloud apps jumped 40%, an increase at least partly driven by the pandemic. Organizations had little time to reach that level of maturity and consolidate and streamline their operations.

Part of this consolidation involves bringing together services across geographies, Lewis says. Many businesses have a global footprint and a support structure broken down by location, so, for example, each country has its own email support system. Now they want to implement a single approach across the board so they don't have "a disparate hodgepodge of systems" cobbled together under one banner, he adds.

Buckling Down on Updating Remote Devices
During the first three weeks of March, authentication failures due to outdated devices grew 90.5%, according to the annual Duo Trusted Access Report. Many users accessed corporate data and applications from their own unmanaged devices during the initial shift to remote work; if their devices hadn't been updated recently, they were more likely to fall outside corporate policy.

The corporate device policies that most commonly led to failed logins were location-restricted (29.7%), invalid device (22.6%), out-of-date device (14.8%), and no screen lock (9.6%). Most often, restricted countries were Russia (70%), China (68%), North Korea (42%), and Iran (37%).

A closer look at the types of devices people used this year revealed interesting trends. At the top was Windows (59%), followed by OS X (23.5%), iOS (11.4%), Android (3.7%), and Linux (1.2%). iOS was the most popular on mobile (69.9%), followed by Android (30%). Researchers note 10% of Windows businesses still use Windows 7, despite its end of life in January 2020.

Windows 7 usage varies by industry. Healthcare has more than 30% of Windows devices using the outdated OS; the transportation sector has 37%. Industries such as telecom, business, technology, and computers and electronics report more than 90% of devices run Windows 10.

The differences are visible on a broader level as well: Industries with the most up-to-date devices include computers and electronics (72.1% updated), technology (67.1%), business services (65.5%), IT services (65.4%), and agriculture and mining (64.1%). Those with the most out-of-date devices include transportation and storage (49.3%), K-12 education (47%), legal services (46.2%), healthcare (45.6%), and higher education (44.5%).

Overall, Lewis points to a "great deal more control" being used across employee devices. CISOs are focused on ensuring device inventory is current, or as close to current as possible, as well as monitoring systems for anomalous behavior. It's not only essential for them to conduct device posture assessments, but to do them with more urgency than they did in the past. Home office security varies from house to house, and most people don't secure home networks, he adds.

"Your perimeter used to be the firewall and the moat and the castle walls. It's really now about anywhere an access decision can be made," Lewis explains. Now, those decisions are being made on networks that aren't as secure as their previous corporate environment, and IT security pros are responding by taking a closer look at device activity, policies, and restrictions.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...