Duo Security, the world’s leading cloud-based Trusted Access provider, released The 2017 Duo Trusted Access Report, analyzing the security health of 4.6 million endpoint devices, including 3.5 million mobile phones across multiple industries and geographic regions.
With increased adoption of cloud services and mobile devices, enterprises no longer have distinct boundaries defined by inside and outside the firewall, making the health of devices connecting to their network more critical than ever to protect against new security threats.
To measure the state of device security health, the report analyzes top indicators including out-of-date operating systems, browsers and plugins that make endpoints more susceptible to vulnerabilities, as well as security features mobile devices have enabled.
Also, for the first time, the report highlights the latest data from Duo’s simulated phishing assessments. Phishing is one of the easiest and most effective ways for attackers to steal user credentials, exploit out-of-date software, and gain access to enterprise applications.
Key sections and highlights of the report include:
Overall Device Security Health
Improvement for Microsoft operating systems (OS): 31% of endpoints are running the latest OS version, Windows 10, compared to 15% in 2016. Enterprises are slowly migrating to the most up-to-date and secure version two years after its release
However, 13% of endpoints are browsing dangerously on an unsupported version of the Internet Explorer browser that is no longer receiving security updates that patch known vulnerabilities.
Mobile Security Health
The UK and EMEA Security Health
Industry-Specific Security Health
The technology industry has the highest number of endpoints running the Windows 10 operating system (OS) at 87%, while the healthcare and machinery industries fall in the bottom with only 16% and 6% of endpoints respectively using the latest OS.
Healthcare industry data reveals 76% of endpoints are running Windows 7 - an 8-year-old operating system - which is much higher than the 59% average of all other endpoints. Worse still, the percentage of healthcare endpoints running Windows XP has increased from 2% to 3%, which is higher than the 1% of overall endpoints. This is troubling to see, as Microsoft ended security support for Windows XP in 2014, and continuing to run the OS could run afoul of the HIPAA risk management requirements.
The biotech industry comes in last for mobile security features, with the lowest amount of mobile devices with screen lock or encryption enabled, meaning they lack mobile device security.
Phishing on the Rise
Duo’s analysis of 3,575 simulated phishing campaigns conducted in the past 12 months from Duo Insight, with more than 80,000 recipients, found that 62% of campaigns captured at least one credential and 68% had at least one out-of-date device.
A quarter of recipients clicking the link in the email means that they could have potentially visited a malicious website, putting their devices at risk. Since the majority of recipients are using out-of-date devices to open phishing emails, this also puts users at higher risk of getting compromised by an attacker using known vulnerabilities.
Mike Hanley, Sr. Director of Security for Duo explained, “As underlined from many of the latest headline breaches, unpatched, out-of-date software, systems, and servers are prime targets for attackers armed with known vulnerabilities and malware. The 2017 Trusted Access Report shows that while we’re making progress in some areas like Windows 10 adoption, there is still much room for improvement across the board.”
To download the full 2017 Trusted Access Report, please visit: duo.sc/2017-trusted-access
Subscribe to our newsletter for all the latest updates and special offers.
Click Here To view archive additions