Shadow devices, also known as bring your own device (BYOD), are the employee-owned personal phones, laptops, tablets and other devices that are connecting to your corporate network.
But you don't know how many there actually are, what's on them, or whether they even meet your minimum security standards, which might look a little bit like this:
- Not jailbroken or rooted
- Running the latest operating system, browsers and plugins
Your employees browse social media sites, download apps and games, and click on clickbait. And all of those behaviors can potentially introduce malware and phishing to their personal devices - and, by proxy, your corporate network.
Shadow Devices & Risks on the Rise
A Duo survey of 100 UK-based chief information security officers (CISOs) and senior information security leaders revealed their concerns about shadow devices. Nearly 60 percent of CISOs ranked access to their corporate network by shadow devices as the biggest security risk, with access from public Wi-Fi as another high concern.
A man-in-the-middle (MITM) attack over public Wi-Fi is possible because open internet connections are often unencrypted and unsecured. Attackers can sniff, or access, any of your information that is passed between your browser and the websites you visit.
And if your user is connecting remotely to your corporate network, that means an attacker may be able to snatch the user's password, gaining entry to your company data.
According to 3 in 4 CISOs in our survey, users are connecting remotely to work applications at least a quarter of the time. And 48 percent of companies have more than half of their employees working outside of the corporate network.
Some of those users may include third parties - another 48 percent of CISOs ranked external suppliers as their most risky users, understandably. Many contractors and vendors have been linked to breaches of larger enterprise companies, due to lax security practices or lack of security budget/practices.
What's the concern about all this remote work and access? The attacks that can cause security incidents, like phished credentials, which accounted for 48 percent of incidents, according to UK CISOs. That's twice as many breaches as malware accounted for (22 percent), although one is often a precursor for the other in an attack.
Phishing also accounted for the biggest security incidents in the last 12 months for half of all CISOs.
Shine a Light on Shadow Devices
What can you do about all this?
Shadow Devices (BYOD): Security starts with transparency. Get insight into every single device on your network, not just ones managed by your company. Duo's Unified Endpoint Visibility shows every device logging into your network, while Trusted Endpoints lets you distinguish between personal and corporate-owned devices.
Remote Work: This is our now-reality, so get secure about it. Implement a second layer of user verification with two-factor authentication to prove they're legit, and combine that with device checks at login to verify they meet your security standards. Then, layer in policies and controls to block access from certain countries or IP addresses to further limit who can log into your company applications.
Third Parties: 2FA their logins, then apply some additional controls, such as limiting what they can access on a per-application basis and limiting the time period during which they have access to your applications. With user and device reports, you can monitor their login activity and flag any anomalous events. Plus, you can enforce device checks to ensure their personal devices are secure enough to gain entry to your applications and data.
Phishing & Social Engineering: User training and awareness is one aspect, but strong 2FA can also help limit password attacks. Duo Push or Universal 2nd Factor (U2F) provides a stronger way to authenticate, protecting against social engineering attacks. There's more than just 2FA - getting insight and control over risky devices can also protect against the risk of malware introduced via phishing.
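The controls listed above can be combined into a single login decision. The sketch below is an added example, not Duo's code or API: the `Login` fields, reason strings, minimum OS versions, blocked network and country code are all constructed assumptions, and "latest operating system" is approximated as a minimum version per platform.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed policy values, assumptions for this example only.
MIN_OS = {"ios": (17, 4), "android": (14,)}     # assumed minimum OS versions
BLOCKED_NETS = [ip_network("203.0.113.0/24")]   # RFC 5737 documentation range
BLOCKED_COUNTRIES = {"XX"}                      # placeholder country code

@dataclass
class Login:
    app: str
    second_factor_ok: bool
    src_ip: str
    country: str
    platform: Optional[str] = None        # None: device reported no posture data
    os_version: Optional[str] = None
    rooted: Optional[bool] = None
    allowed_apps: Optional[frozenset] = None   # set only for third parties
    access_ends: Optional[datetime] = None     # set only for third parties

def parse_version(text):
    """'17.3.1' -> (17, 3, 1); None if missing or not numeric."""
    try:
        return tuple(int(part) for part in text.split("."))
    except (AttributeError, ValueError):
        return None

def evaluate(login, now):
    """Return (allowed, reasons). Every failed check is reported, not just the first."""
    reasons = []
    if not login.second_factor_ok:
        reasons.append("second_factor_failed")
    ip = ip_address(login.src_ip)
    if login.country in BLOCKED_COUNTRIES or any(ip in net for net in BLOCKED_NETS):
        reasons.append("blocked_location")
    version = parse_version(login.os_version)
    if login.platform not in MIN_OS or login.rooted is None or version is None:
        reasons.append("device_posture_unknown")   # fail closed on shadow devices
    else:
        if login.rooted:
            reasons.append("rooted_or_jailbroken")
        if version < MIN_OS[login.platform]:       # tuple compare: (9, 9) < (10, 2)
            reasons.append("os_out_of_date")
    if login.allowed_apps is not None and login.app not in login.allowed_apps:
        reasons.append("app_not_permitted")
    if login.access_ends is not None and now >= login.access_ends:
        reasons.append("access_window_expired")
    return (not reasons, reasons)
```

Returning every failed reason rather than stopping at the first gives the user and device reports something concrete to flag, and a device that reports no posture at all is denied rather than waved through.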