More Unsecure Wi-Fi and Phishing? Not So Flashy

More Unsecure Wi-Fi and Phishing? Not So Flashy

As more companies embrace the productivity of a mobile workforce, the fact that work is being conducted from potentially unsecured Wi-Fi networks puts enterprise security at risk. According to The 2018 Duo Trusted Access Report, it's not clear that security is keeping pace with the rapid evolution of how and where employees work.

For the third consecutive year, Duo Security has looked at the security state of employees, contractors, devices, and applications. The 2018 report reflects the analysis of nearly 11 million computers, laptops and smartphones from which a half-a-billion user access requests to corporate applications and data were received per month. 

In an enterprise-sized organization, mobility and growth have driven a 24% increase in the average number of unique networks that customers and enterprise organizations are authenticating from and a nearly 50% jump in users accessing from two or more distinct IP addresses.

While the numbers reflect that enterprise access is growing more fluidly, the growth also "means more work is being conducted from potentially unsecured Wi-Fi networks, which could include homes, airports, coffee shops, or other public spaces. These external, untrusted networks may introduce potential risks to corporate applications and data," Duo Security wrote in a press release

Related to the mobile workforce is the problem of mobile updates. The report found that more than 90% of Android devices and nearly 60% of iOS devices are out of date. Additionally problematic is the boom in successful phishing, which reportedly takes only 12–13 minutes on average. In 62% of phishing campaigns, at least one set of credentials is being captured. 

Flash continues to inch toward its demise, with a nearly 200% jump in browsers with Flash uninstalled. Where 80% of Chrome users were loading at least one page of Flash content per day in 2014, the report said that number is down to only 4% in 2018, according to Google.

Source: Information Security Magazine