
Now Available: The 2017 Duo Trusted Access Report

Patching - while not always easy, affordable or quick - is an important aspect of information security. It’s one of the most basic security hygiene practices we preach, and for good reason. Unpatched, out-of-date software, systems and servers are prime targets of attackers armed with known vulnerabilities and malware.

WannaCry Ransomware Targets Unpatched Systems

The most recent global epidemic of the WannaCry ransomware is a high-profile example of the consequences of not patching Windows operating systems (OS) - affecting over 300,000 computers across the world, the attack brought hospitals, energy firms, government agencies and other critical operations to a halt.

The wormlike ransomware exploited a Windows Server Message Block (SMB) bug affecting unpatched versions of the OS, spreading quickly to other unpatched systems. According to data from Kaspersky Lab, 98 percent of computers affected by the initial attack were running Windows 7. And since Microsoft had released a patch to fix the SMB bug exploited by WannaCry back in March, that means those systems hadn’t been patched for at least two months.

Who’s At Risk?

You can't secure what you can't see. To shed light on who’s at risk of similar attacks, Duo Labs has collected and analyzed our dataset of 4.6 million endpoints, including 3.5 million mobile phones, completing over two hundred million authentications a month - all now available in The 2017 Duo Trusted Access Report.


We found that 59 percent of enterprise endpoints are running an old operating system, Windows 7. Within the healthcare industry, 76 percent of endpoints are running Windows 7. During the WannaCry epidemic, National Health Service (NHS) hospital systems in the U.K. were hit the hardest by the ransomware, while some medical devices in the U.S. were also affected.

While it’s entirely possible to run older software and apply the latest patches, running out-of-date versions of software can also potentially put your organization at higher risk. The latest OS, Windows 10, offers more security features that can proactively deter malware infection, and older versions lack the protection these features offer.


The good news is that our data shows the share of endpoints running the latest version, Windows 10, has more than doubled - 31% in 2017 compared to 15% in 2016. However, 69 percent of enterprise endpoints are still lagging behind.

Examining Indicators of Device Security Health

We looked at several key indicators of device security health across different industries and geographic locations, including:

  • Out-of-date operating systems, browsers and plugins, like Flash and Java
  • Mobile device security features, such as full disk encryption, screen lock and Touch ID/fingerprint authentication

Plus, we reveal deeper insights into user behavior and device health with campaign data from our phishing simulation tool, Duo Insight.

Phishing is one common and effective way for attackers to steal passwords and infect systems with malware. We found that 25% of recipients clicked on the link within a phishing email and another 13% entered their credentials - which, in an actual phishing attack, could potentially expose them and their company to malware and password theft.

Our data also revealed that 68% of recipients of a phishing email had at least one out-of-date device, which increases the risk of getting compromised via known vulnerabilities that target older, unpatched versions of software.

The 2017 Duo Trusted Access Report

Our latest Trusted Access report reveals the different industries, locations and devices potentially at risk, along with our security recommendations on how to protect your organization.

In this report, you’ll get:

  • Year-over-year trends of enterprise device and mobile security health
  • Industry-specific highlights, including a spotlight on healthcare
  • U.K./EMEA (Europe, Middle East & Africa)-specific data
  • Phishing simulation campaign statistics
  • Security tips, including how Duo’s Trusted Access can help

Download The 2017 Duo Trusted Access Report: The Current State of Enterprise Endpoint Security to get the full report.

Thu Pham

Information Security Journalist

@Thu_Duo

Thu Pham covers current events in the tech industry with a focus on information security. Prior to joining Duo, Thu covered security and compliance for the infrastructure as a service (IaaS) industry at Online Tech. Based in Ann Arbor, Michigan, she earned her BS in Journalism from Central Michigan University.