This year 2020, the Covid-19 pandemic has notably changed the way we work. This change has resulted in a considerable increase in remote work, and the approval of a law that regulates teleworking. However, this rapid evolution towards remote work will cause us to have to thoroughly review access technology in the business world, especially that related to cybersecurity.
This massive and sudden shift in the first half of 2020 towards remote working has led to the adoption of cloud technology. The security implications of this transition will be seen in the years to come and we must be prepared to take appropriate action.
The Duo report on remote access
Cisco Duo Security , with its modern access security, is designed to protect all users, devices and applications. It offers secure access and a scalable, easy-to-deploy SaaS solution that natively protects all applications. Furthermore, it enables intuitive authentication for users. In Duo’s report on remote access, some interesting facts about this evolution towards remote work could be obtained. Thus, we know that 78% of the workers surveyed worked at least 60% of the time from home in March of this year.
Another noteworthy fact was the 72% increase in multifactor remote technology authentications and an 85% increase in the use of policies to disallow SMS authentication. As for iOS devices, they were four times more likely to receive and install updates than Android devices. Additionally, use of biometrics-enabled devices rose 64%. Daily authentications in cloud applications also increased 40% during the first months of the Covid-19 pandemic. The objective of these companies, at that time, was to continue working and guarantee secure access to their services.
Obsolete devices and biometrics
At the time the coronavirus pandemic began, the priority for many companies was to stay up and running. The objective was to work as much as possible to reduce losses as much as possible. Now, with the evolution towards remote work, we seek to reduce risk by implementing a more mature and modern approach to security.
This very abrupt change at the beginning of the year meant that many personal devices had to be used. This resulted in access attempts blocked due to the use of obsolete devices, and this event increased by 90% in March. The positive is that, the following month, it was considerably reduced which indicates that these devices were replaced by more reliable and safe ones.
Another discovery made is that SIM exchange attacks have led companies to strengthen their authentication schemes. Thus, if we take last year as a starting point, the percentage of organizations that apply a policy not to allow SMS authentication has gone from 8.7% to 16.1%. An interesting fact is that biometrics is becoming more and more common in the business environment, to be thinking about a future without passwords. Thus, 80% of the mobile devices used to work today have biometrics configured, which is 12% more than in the last five years.
Industry multi-factor authentication methods
Now we are going to see how multifactor authentication methods are evolving in two sectors of the industry through some graphs. This is what the financial sector is doing.
This is the graph of the technology sector.
As can be seen, in both sectors the use of SMS authentication is very low, due to the fact that more modern and secure methods are being applied. For this reason, we previously mentioned that its use had decreased significantly. One worrying fact is that more than 30% of Windows devices in healthcare organizations were still using Windows 7 even though their support has now ended.
As for the evolution to remote work, it is causing a series of changes. The use of applications in the cloud is on the way to surpass the use of local applications. Thus, applications in the cloud represent 13.2% of all Duo authentications with an increase of 5.4% compared to last year. With regard to local applications, they represent 18.5% of the total, and have experienced a decrease of 1.5% compared to last year. In this sense, it would not be surprising if cloud applications soon overtook local applications.