Security in the enterprise: Things are looking up
Cybersecurity is quickly becoming the number one business priority, says identity and access management company Okta.
Based on the results of an analysis of authentication and
verification events made through the company’s enterprise offerings
between November 1, 2016 and October 31, 2017, security tools by Jamf,
KnowBe4, DigiCert, Cisco, Mimecast, Sophos, and CloudFlare all ranked in
the top 15 fastest growing apps for the first time.
“Jamf, which provides software for managing and securing Apple
devices, is a notable newcomer to the list and the fastest growing app
in our network with 389% year-over-year growth. Security awareness
training company, KnowBe4 grew 290% in the past year, indicating
organizations’ increased focus on training employees around security
best practices and ways to combat social engineering attacks,” the
company noted.
These results definitely point to companies having increased security spending.
Identity attacks originate worldwide
By pairing their security data and the data provided by open source
threat intel feeds, the company was able to analyze attacks targeted at
the cloud authentication layer.
What they discovered is that 23% of all attacks came from Tor exit
nodes, and of the rest, 48% of attacks are coming from IPs geolocated in
China, followed by 7.7% from the United States, 4.5% from France, 3.4%
from Russia and 2.6% from the Netherlands.
“Unless you have a reason to interact with Tor, we’d suggest just blocking those IPs,” the company advised enterprise admins.
Passwords and multi-factor authentication
To see what companies are doing to protect users against online
credential-based attacks (brute force, password spraying, phishing),
Okta took the average password policies of its customers and tested them
against an open source list of passwords relied on by security
researchers.
They discovered that only 50% would have passed the standard length
test requirement of 8 or more characters and that only 4% of companies
have a policy that requires passwords to have more than 8 characters, at
least one uppercase letter, one lowercase letter, and one number.
“Despite the increasing sophistication in password guessing
algorithms, organizations can still minimize the risk of both brute
force and password spraying attacks by (1) increasing the minimum
password length and optional complexity and (2) enforcing policies that
rule out common/breached passwords, and (3) enforcing MFA on all
logins,” the company noted.
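The kind of test described above, checking password policies against a list of known-weak passwords, can be sketched as follows. This is an added example, not Okta's code or methodology: the password list, the blocklist and the trailing-character normalization are constructed assumptions.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    min_length: int
    require_classes: bool = False       # upper + lower + digit, as in the 4% figure
    blocklist: frozenset = frozenset()  # lowercase common/breached base words

    def _blocked(self, password: str) -> bool:
        lowered = password.lower()
        # Assumption: also match after stripping trailing digits/symbols,
        # so "Password1" is caught by the entry "password".
        base = lowered.rstrip("0123456789!@#$%&*?.")
        return lowered in self.blocklist or base in self.blocklist

    def accepts(self, password: str) -> bool:
        if len(password) < self.min_length:
            return False
        if self.require_classes and not all(
            re.search(p, password) for p in (r"[A-Z]", r"[a-z]", r"[0-9]")
        ):
            return False
        return not self._blocked(password)

# Constructed sample standing in for an open source common-password list.
COMMON = ["123456", "password", "qwerty", "iloveyou", "12345678",
          "Password1", "Welcome2017", "Summer2017!", "letmein", "Passw0rd123"]

# Constructed blocklist; deliberately incomplete ("summer" is missing).
BLOCKLIST = frozenset({"password", "passw0rd", "welcome", "qwerty", "123456"})

POLICIES = [
    Policy("length >= 8", 8),
    Policy("length > 8 + upper/lower/digit", 9, require_classes=True),
    Policy("length > 8 + classes + blocklist", 9, True, BLOCKLIST),
]

def audit(candidates=COMMON, policies=POLICIES):
    """Map each policy name to the known-weak passwords it would still admit."""
    return {p.name: [c for c in candidates if p.accepts(c)] for p in policies}

if __name__ == "__main__":
    for name, admitted in audit().items():
        print(f"{name:34s} admits {len(admitted)}/{len(COMMON)}: {admitted}")
```

On this sample, the complexity rule alone still admits predictable choices such as "Password1", and a blocklist only helps as far as its coverage goes.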
The good news is that multi-factor authentication continues to grow
among Okta’s customers – currently, nearly 70 percent of them offer
three or more factor options to their users.
The bad news is that security questions and SMS – two of the least secure options – are the definite favorites.
“The security question is viewed as convenient and unobtrusive, so it
makes sense that the popularity of the security question is growing,”
says Joe Diamond, Director of Security Product Marketing Management at
Okta.
“It’s one of the factors users are most familiar with, despite the
fact that it adds little value to security, as many answers to typical
security questions are a matter of public record.”
Other insights
According to the company’s numbers, the most popular apps by number
of customers are Microsoft Office 365, Salesforce, Amazon AWS, G Suite,
Box, Concur, and Slack.
If we go by the number of monthly active users, Microsoft Office 365
still comes on top, followed by Workday, ServiceNow, Salesforce, G
Suite, Box, and Concur.
The most popular developer tools and services are JIRA, GitHub, PagerDuty, New Relic, and Atlassian Cloud.
The most popular eLearning apps are Lynda.com, Coursera, Pluralsight, Codecademy, and Safari.