!Security in the enterprise: Things are looking up

Cybersecurity is quickly becoming the number one business priority, says identity and access management company Okta.

Based on the results of an analysis of authentication and verification events made through the company’s enterprise offerings between November 1, 2016 to October 31, 2017, security tools by Jamf, KnowBe4, DigiCert, Cisco, Mimecast, Sophos, and CloudFlare all ranked in the top 15 fastest growing apps for the first time.

“Jamf, which provides software for managing and securing Apple devices, is a notable newcomer to the list and the fastest growing app in our network with 389% year-over-year growth. Security awareness training company, KnowBe4 grew 290% in the past year, indicating organizations’ increased focus on training employees around security best practices and ways to combat social engineering attacks,” the company noted.

These results definitely point to companies having increased security spending.

 

Identity attacks originate worldwide

By pairing their security data and the data provided by open source threat intel feeds, the company was able to analyze attacks targeted at the cloud authentication layer.

What they discovered is that 23% of all attacks came from Tor exit nodes, and of the rest, 48% of attacks are coming from IPs geolocated in China, followed by 7.7% from the United States, 4.5% from France, 3.4% from Russia and 2.6% from the Netherlands.

“Unless you have a reason to interact with Tor, we’d suggest just blocking those IPs,” the company advised to enterprise admins.

Passwords and multi-factor authentication

To see what companies are doing to protect users against online credential-based attacks (brute force, password spraying, phishing), Okta took the average password policies of its customers and tested them against an open source list of passwords relied on by security researchers.

They discovered that only 50% would have passed the standard length test requirement of 8 or more characters and that only 4% of companies have a policy that requires passwords to have more than 8 characters, at least one uppercase letter, one lowercase letter, and one number.

“Despite the increasing sophistication in password guessing algorithms, organizations can still minimize the risk of both brute force and password spraying attacks by (1) increasing the minimum password length and optional complexity and (2) enforcing policies that rule out common/breached passwords, and (3) enforcing MFA on all logins,” the company noted.

One good news is that multi-factor authentication continues to grow among Okta’s customers – currently, nearly 70 percent of them offer three or more factor options to their users.

The bad news is that security questions and SMS – two of the least secure options – are the definite favorites:

“The security question is viewed as convenient and unobtrusive, so it makes sense that the popularity of the security question is growing,” says Joe Diamond, Director of Security Product Marketing Management at Okta.

“It’s one of the factors users are most familiar with, despite the fact that it adds little value to security, as many answers to typical security questions are a matter of public record.”

Other insights

According to the company’s numbers, the most popular apps by number of customers are Microsoft Office 365, Salesforce, Amazon AWS, G Suite, Box, Concur, and Slack.

If we go by the number of monthly active users, Microsoft Office 365 still comes on top, followed by Workday, ServiceNow, Salesforce, G Suite, Box, and Concur.

The most popular developer tools and services are JIRA, Github, Pager Duty, New Relic, and Atlassian Cloud.

The most popular eLearning apps are Lynda.com, Coursera, Pluralsight, Codecademy, and Safari.