My 2019 Cybersecurity Year in Review
I slumped back into my favorite chair and stared at the carry-on suitcase over by the door. Thankful that it is now empty and will remain that way until 2020. This gives me time to reflect on the past year and decade as I linger over a cup of coffee. This year I managed to travel to many destinations to meet and speak with people about zero trust and what it means for organizations.
The concept is a simple one. The idea being to reduce risk overall and improve organizational security posture through layers of granted access and verification via multi-factor authentication (MFA) that is so easy to use and protects so well that it has leveled the playing field and helped to democratize security.
So, what does that even mean? Well, any security tool that is meant to be adopted by a wider audience will prove its worth by demonstrating that my elderly parents could use it. My mother is in her 70s and somewhat tech savvy and she took to Duo MFA like a duck to water. I tried other security products which will remain nameless and they were met with far less fanfare.
How have we progressed? Well, if we look at the State of the Auth report that was just published we see that between 2017 and 2019 the adoption of two-factor authentication (2FA) has taken off! Just two years ago the number of survey respondents who said they've used 2FA clocked in at 28%, whereas in 2019 that number swelled to 53%. A healthy 25% bounce.
Another statistic that resonated with me was the change in the percentage of respondents who have heard of 2FA, which grew from 44% in 2017 to 77% in 2019. This really hit home for me when I was at a conference in Asia speaking about zero trust. After my talk I had several attendees approach me to learn more. I was surprised that they had not heard of zero trust before that point. I took this as the opportunity that it was: to help better explain the concept. Just because something may be top of mind in one part of the world is no guarantee that it will be global in nature.
When the Edward Snowden related stories were splashed across the headlines I found myself speaking at conferences in other parts of the world. No one seemed to know or care about the Snowden case. There was the occasional head nod, but by and large little interest. Their concerns were focused on how to better secure their own environments. This is why the zero trust conversations really took root, as it helps to provide a clear path forward to help organizations improve security.
What about saving users time? Well, we have all read studies about the cost involved in resetting passwords. When we look at the cavalcade of data breach stories that seem to grace the news cycles on an almost daily basis one can only imagine the cost of resetting all those passwords, let alone recovery costs in general. From the State of the Auth report we saw that the use of Push saves users on average 13 minutes per year. Users that utilized U2F had average time savings of 18.2 minutes per year. That might not sound like much until you add up all the employees for a 100,000-plus staff organization.
Over the last year I’ve had countless moments where random people would show me the Duo app on their phones in places such as Hong Kong, India, Thailand, Greece, UK, USA and Canada. It’s a point of pride to see someone calling out to me in an airport when they see my Duo t-shirt so they can tell me how much they love our product.
This past year has been an adventure and I’m pleased to see the rise in the numbers of people that not only have heard of 2FA and zero trust, but a rise in the number of users. Data breaches continue to abound and anything that we can do to reduce that number is a positive step forward into the next decade.