- Analysis of millions of corporate users, devices and applications details security consequences of massive change in how we work
- Influx of Bring-Your-Own-Device (BYOD) causes 90% spike in out-of-date devices attempting to access business apps
- Cloud adoption to surpass use of on-premises applications by 2021
ANN ARBOR, Mich., November 10, 2020 - A new report published today from Duo Security at Cisco, the leading multi-factor authentication (MFA) and secure access provider, reveals the unprecedented IT change organizations underwent this year amid a massive shift to remote work, accelerating adoption of cloud technology. The security implications of this transition will reverberate for years to come, as the hybrid workplace demands the workforce to be secure, connected and productive from anywhere.
The 2020 Duo Trusted Access Report details how organizations, with a mandate to rapidly transition their entire workforce to remote, turned to remote access technologies such as virtual private networks (VPN) and remote desktop protocol (RDP), among numerous other efforts. As a result, authentication activity to these technologies swelled 60%, helping propel Duo’s monthly authentications from 600 million to 900 million per month. A complementary Cisco survey recently found that 96% of organizations made cybersecurity policy changes during the pandemic, with more than half implementing MFA.
Cloud adoption also accelerated. Daily authentications to cloud applications surged 40% during the first few months of the pandemic, the bulk of which came from enterprise and mid-sized organizations looking to ensure secure access to various cloud services.
As organizations scrambled to acquire the requisite equipment to support remote work, employees relied on personal or unmanaged devices in the interim. Consequently, blocked access attempts due to out-of-date devices skyrocketed 90% in March. That figure fell precipitously in April, indicating healthier devices and decreased risk of breach due to malware.
“As the pandemic began, the priority for many organizations was keeping the lights on and accepting risk in order to accomplish this end,” said Dave Lewis, Global Advisory CISO, Duo Security at Cisco. “Attention has now turned towards lessening risk by implementing a more mature and modern security approach that accounts for a traditional corporate perimeter that has been completely upended.”
Report findings also include:
So Long, SMS - The prevalence of SIM-swapping attacks has driven organizations to strengthen their authentication schemes. Year-over-year, the percentage of organizations that enforce a policy to disallow SMS authentication nearly doubled from 8.7% to 16.1%.
Biometrics Booming - Biometrics are nearly ubiquitous across enterprise users, paving the way for a passwordless future. Eighty percent of mobile devices used for work have biometrics configured, up 12% the past five years.
Cloud Apps on Pace to Pass On-Premises Apps - Use of cloud apps are on pace to surpass use of on-premises apps by next year, accelerated by the shift to remote work. Cloud applications make up 13.2% of total Duo authentications, a 5.4% increase year-over-year, while on-premises applications encompass 18.5% of total authentications, down 1.5% since last year.
Apple Devices 3.5 times More Likely to Update Quickly vs. Android - Ecosystem differences have security consequences. On June 1, Apple iOS and Android both issued software updates to patch critical vulnerabilities in their respective operating systems. iOS devices were 3.5 times more likely to be updated within 30 days of a security update or patch, compared to Android.
Windows 7 Lingers in Healthcare Despite Security Risks - More than 30% of Windows devices in healthcare organizations still run Windows 7, despite end-of-life status, compared with 10% of organizations across Duo’s customer base. Healthcare providers are often unable to update deprecated operating systems due to compliance requirements and restrictive terms and conditions of third-party software vendors.
Windows Devices, Chrome Browser Dominate Business IT - Windows continues its dominance in the enterprise, accounting for 59% of devices used to access protected applications, followed by Mac OS X at 23%. Overall, mobile devices account for 15% of corporate access (iOS: 11.4%, Android: 3.7%). On the browser side, Chrome is king with 44% of total browser authentications, resulting in stronger security hygiene overall for organizations.
UK and EU Trail US in Securing Cloud - United Kingdom and European Union-based organizations trail US-based enterprises in user authentications to cloud applications, signaling less cloud use overall or a larger share of applications not protected by MFA.
These are just a few of many findings in the 2020 Duo Trusted Access Report. To download the report, please visit http://duo.sc/tar-2020.
- News Release: Cisco Reports Privacy and Security Concerns Increase in Today’s Remote World
- Solution: Cisco Secure Remote Worker
- Reference: Cisco Cybersecurity Report Series
About The 2020 Duo Trusted Access Report The annual Duo Trusted Access Report details the security state of thousands of the world’s largest and fastest-growing organizations. The report examines 26 million devices used for work and 700 million user authentication events per month to more than 500,000 unique corporate applications, based on de-identified and aggregated data from Duo’s customer base. To view the report, please visit http://duo.sc/tar-2020.
About Duo Security Duo Security, now part of Cisco, is the leading multi-factor authentication (MFA) and secure access provider. Duo comprises a key pillar of the Cisco Zero Trust offering, the most comprehensive approach to securing access across IT applications and environments, from any user, device, and location. Duo is a trusted partner to more than 25,000 customers globally, including Facebook, Lyft, University of Michigan, Yelp, Zillow and more. Founded in Ann Arbor, Michigan, Duo has offices in Austin, Texas; San Francisco, California; and London. Try it for free at Duo.com.
About Cisco Cisco (NASDAQ: CSCO) is the worldwide leader in technology that powers the Internet. Cisco inspires new possibilities by reimagining your applications, securing your data, transforming your infrastructure, and empowering your teams for a global and inclusive future. Discover more on The Network and follow us on Twitter.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.