From phishing to late updates: Just how secure is the mobile workforce?

23 May 2018


Duo Security reports some major security issues for those working remotely.

Whether it’s hiring contractors or allowing staff flexibility when it comes to childcare, remote working is becoming a major trend for many organisations.

While it offers a myriad of benefits, from greater work-life balance to boosted productivity, some security issues are arising.

Duo Security’s Trusted Access Report for 2018 lays out some of the most glaring issues.

Digital transformation driving remote working

The way people interact with technology is changing in the midst of digital transformation, with newer cloud-centric businesses emerging and consumers and employees embracing mobile. The Duo Security report analysed its data on more than 10.7m devices and nearly half a billion authentications monthly, spanning North America and Western Europe.

In 2018, 63pc of employers have remote workers, and hiring managers now expect up to 38pc of their full-time staff to be working remotely in the next decade.

As work hours become more flexible to fit lifestyles and travel, people are making the local coffee shop or hotel lobby their own little office. There was a 10pc increase in the average number of networks that enterprise organisations were authenticating from compared to last year’s report.

Users accessing apps from three or more different IP addresses doubled from 8pc in 2016 to 16pc in 2018.

According to Olabode Anise, data scientist at Duo Security, IT administrators are facing fresh challenges and may need “more of a heavy-lift approach in terms of device authentication”.

In terms of industries taking advantage of remote access, the biggest increase in staff working remotely was in the pharma and biotech industry, followed by insurance, computers and electronics, business services and, lastly, government bodies.

Phishing campaigns are more sophisticated

Duo Security also analysed 7,483 phishing simulation campaigns on more than 230,000 recipients and found that 62pc of the campaigns were successful in capturing a set of user credentials, and 64pc of campaigns involved an out-of-date device.

Anise explained that as defences grow smarter using cutting-edge tech, bad actors are employing similar strategies in their targeted attacks “in order to craft better and more convincing emails”.

This shows the need for stronger user authentication, such as confirming device trust and user trust verifications (passwords etc), to prevent unauthorised logins by attackers with phished credentials. Of those who underwent the simulation, 23pc clicked the link in the phishing email.

More users are authenticating into work apps via mobile Apple devices, which points to increasingly mobile enterprise users working on the go. Many are also still using out-of-date operating systems, and this is a major issue.

Only 8pc of Android smartphones monitored by Duo Security had applied the latest security patch and a mere 13pc of Android phones were running one of the last three patches released.

Shifting to a new enterprise security model means refocusing controls based on risk factors related to users and their devices. This would go a long way towards protecting against threats such as phishing, stolen credentials and exploits that compromise out-of-date devices and gain access to enterprise applications.

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects.