2018 Duo Trusted Access Report
Duo Security Released their 2018 Trusted Access Report on May 23rd. You can download the report here. The report is based off of analysis of Duo's 10.7 million devices and half a billion authentications per month to over 800,000 applications, and it contains some very interesting insights.
The report is broken down into two main categories: User Behavior and Device Health. In the User Behavior section, the biggest takeaway is that more people than ever are working remotely. Whether that means working from home, from a coffee shop, from a business partner's location, or on an airplane, people are connecting to corporate resources from many different locations and networks. This means that people are potentially connecting to unsecured WiFi networks and other untrusted networks which introduce new points of entry into corporate systems. Another key point is that Phishing isn't going away, and is in fact getting worse. In their studies, Duo found that 62% of Phishing campaigns were able to extract at least one set of user credentials. The below graphic shows some other stats from Duo's simulated Phishing campaigns.
On the Device Health front, the main message is to update your devices. As they described in the Phishing section, Phishing campaigns not only target user behavior, but they generally target vulnerabilities in out of date operating systems, browsers, and email software. Keeping devices up to date is the simplest method to stay safe on the intewebs. Duo's findings show that MacOS and IOS devices are typically the most up to date, while Android devices lag far behind.
In summary, as people become more mobile, deploying some form of multi-factor authentication for accessing corporate resources, and especially cloud-based resources, is more important than ever. It's relatively trivial to compromise user credentials, so having a 2nd factor of authentication is absolutely critical. Many cloud applications offer this functionality for free. Check out twofactorauth.org to see if the cloud applications that you use, such as your bank, offer 2FA, and if they don't you can use the simple tool on twofactorauth.org to tweet out to them asking why it isn't supported. On the corporate side, all reputable firewall manufacturers will offer their own MFA solutions for VPN as well as integrations with 3rd party MFA solutions, so you really have no excuse not to protect yourself.
Leave 2018 Duo Trusted Access Report to:
Read more #cybersecurity posts
Best Posts From Matt Swanson
We have not curated any of sendingtime's posts yet. But you can encourage our curation team to review posts by visiting them regularly and by referring other readers. Because we give priority to frequently read content.
More Posts From Matt Swanson
- This Week in WiFi - June 27th, 2018
- Verizon to Terminate Location Sharing Agreements with Third Party Aggregators
- Faster and More Efficient WiFi is Coming with 802.11ax
- Start Getting Used to Minimum Wage Surchares
- UFC 225 Romero vs. Whittaker Results
- UFC 225 - Whittaker vs. Romero Predictions and Bets
- Ad Dropping Malware Comes Pre-Installed On Some Android Devices
- 2018 Duo Trusted Access Report
- WPA3 - A New Security Standard for WiFi Networks
- UFC Fight Night Liverpool - Thompson vs. Till Results
- UFC Fight Night Liverpool - Thompson vs. Till Predictions
- FortiPresence Analytics Lite - FREE WiFi based Presence and Location Services
- Intel Spectre and Meltdown Vulnerabilities - From Bad to Worse
- FBI Releases 2017 Internet Crime Report
- UFC Fight Night Chile - May 19, 2018 - Sendingtime Bets #1 Results
- UFC Fight Night Predictions
- You are Being Tracked - Real-time Cell Phone Location Data Leaked
- Podcast of the Week #1 - Jocko Podcast #121
- DeWalt (Yes, the Tool Company) Enters the Wireless Networking Market
- 802.11r - Fast Transition on 802.11 Networks