Survey of 100 IT security professionals also reveals phished credentials caused twice as many breaches than malware in the past year
LONDON, September 12, 2018 – Personal device use for remote work poses the biggest security risk to organisations safeguarding their increasingly mobile and cloud-based IT environment, according to a new survey of 100 UK-based senior IT security professionals. Conducted from March to May on behalf of Unified Access Security (UAS) leader Duo Security, the survey found 58 percent of respondents believe that network access from non-corporate and personally-owned devices such as laptops, desktops or mobile phones is the highest risk in managing remote users, among other findings.
Remote Work On the Rise Duo’s survey found 75 percent of respondents reported that their users now connect remotely to work applications at least 25 percent of the time. While this remote work trend has created unmatched flexibility and has helped organizations attract top talent globally, it has introduced a major predicament for IT and security teams.
“Enterprise mobility is one of the biggest IT security challenges and personal devices are a massive blind spot,” said Richard Archdeacon, Duo Advisory CISO. “If you don’t know what’s connecting to the network, how can you protect data from being compromised? What’s clear from this survey is that decision makers still don’t feel comfortable with the sea of devices entering the workplace.”
When it comes to different groups of remote workers, nearly half of all security professionals (48 percent) ranked external suppliers and service providers as the most risky, compared to internal employees such as the C-suite, sales and field support workers.
This data is underlined by several recent high profile security breaches that originated from third-party suppliers. According to Forrester’s 2017 Global Business Technographics Security Survey, 41 percent of breaches in the past 12 months were incidents within the organization or involved business partners/third-party suppliers.
Phishing: The Leading Cause of Breaches The findings also reveal the extent to which phishing attacks targeting user credentials continue to dominate as the primary source of security breaches, underscoring the need for robust policies around device health and user authentication.
When asked about the biggest security incident in the last 12 months that resulted in unauthorised access to corporate applications, nearly half of respondents reported phishing as the cause. The findings reveal:
- Phishing resulted twice as many breaches than malware (48 percent compared to 22 percent)
- Phishing resulted in more breaches than malware and unpatched systems combined (48 percent compared to 41 percent)
“Outdated devices are particularly vulnerable to being compromised, which can easily spiral into a full-blown, major breach,” Archdeacon added. “Organisations don’t necessarily need to block individuals from using their personal devices, but they do need to re-shape their security models to fit these evolving working practices.”
Operating on a basis of “zero trust” where the user’s identity and device health are checked and verified every time they access an application, helps to minimise the security risks inherent in any Bring Your Own Device (BYOD) culture.
For more information, please visit https://duo.sc/uk-ciso-survey
About the Survey The Survey was conducted with 100 Senior IT Security Decision Makers at UK Organisations, by RANT; the largest community of senior end-user only information security professionals in the UK.
About Duo Security Duo Security is the leading provider of Unified Access Security (UAS) and multi-factor authentication. Duo Beyond, the company's category defining zero-trust security platform, enables organizations to provide trusted access to all of their critical applications, for any user, from anywhere, and with any device. The company is a trusted partner to more than 12,000 customers globally, including Dresser-Rand, Etsy, Facebook, Paramount Pictures, Random House, Zillow and more. Founded in Michigan, Duo has offices in Ann Arbor and Detroit, as well as growing hubs in Austin, Texas; San Mateo, California; and London, UK. Visit Duo.com to find out more.