It should come as no surprise that security was a top priority for businesses in 2017. After witnessing major organisations like Equifax, Uber and Yahoo! suffer serious data breaches, businesses upped the ante when it came to protecting their own employees and their data. Our findings show that organisations invested heavily in companies that have security tools or security use-cases like Jamf, KnowBe4, DigiCert, Cisco Umbrella, Mimecast, Sophos, and CloudFlare, all of which ranked in the top 15 fastest growing apps.
But given the ever-increasing number of cyber attacks, there’s still room for businesses to bolster their first line of defense by rethinking traditional password and multi-factor authentication policies. If security is the Achilles’ heel of modern enterprise, then businesses must put in the herculean effort to protect themselves.
It’s not just security that’s top of mind for businesses. They’re also embracing new digital technologies to both help their employees work more effectively and deliver exceptional customer experiences. The proof is in the data — this year’s report shows that organisations of all sizes, in every industry, across all regions, are investing in more technology than ever before, with the median number of apps per customer growing 24% from 2015 to 2017.
The way we see it: that’s great for business, the economy and (dare I say it) the world. By embracing new technologies, we can work better and more securely than ever before.
Other key findings from the report include:
Identity threats originate worldwide. It’s well known that 81% of hacking related breaches are caused by compromised credentials – but what else do we know about attacks against identities? We took a look at the identity threat landscape and found that while we may see China in the news for hacking, the real threats are coming from, well... everywhere. We may not hear about them because more than 50% of global attacks we analyzed do not have prior intel from the open source community. And of those attacks with no prior intel, 36% are coming from Europe – of these, 19% are coming from France, 12% from the Netherlands, 11% from Russia, and 10% from Germany. But the real non starter for most businesses? The 23% of attacks coming from Tor exit nodes (more commonly described as the dark web). Unless you have a reason to interact with Tor, we’d suggest just blocking those IPs.
Beyond the 8 character minimum. Threats are coming from everywhere: how well are you protecting against them? We took a look at the average Okta password policy (as passwords are rightly encrypted in Okta so we can’t see them) to see first what companies are doing to protect against identity focused attacks, like brute forcing (trying a bunch of passwords against one account), password spraying (trying a small number of general passwords like ‘password123’ against a bunch of accounts) and phishing (tricking you into giving up your credentials) to see how they’d fare. We compared this analysis to a list of publicly-exposed passwords and discovered that (surprise, surprise) the average person isn’t making good choices about their passwords, but the average company can block out most brute force and spraying attacks with good password hygiene – it would take hackers 7,000 years to hack the average Okta customer password policy! But of course, to stop phishing you’ll need to add on that second layer of authentication.
Is multi-factor authentication as easy as 1-2-3? Again, passwords are an important piece of the security puzzle, but businesses should implement a second (or third or fourth…) factor to ensure the best protection. The good news is that MFA adoption continues to grow among Okta customers, and nearly 70% of customers offer three or more factor options to their users today (compared to 62% last year). Even so, our data reveals that customers continue to use less trusted factors of authentication such as SMS and security question. As with passwords, strong MFA factors and policies are crucial to improving overall security posture and protecting businesses’ well-being in the long run.
Developer tools are a priority. With more businesses moving to the cloud and pursuing everyone’s favorite buzzword, “a digital transformation,” supporting developers is absolutely critical. Our customers have taken note, with 47% using at least one developer tool today. 48% of these developer savvy customers use JIRA. We’re also seeing the pace of adoption of developer apps vary across industries. While companies in technology and media & entertainment are currently leading industries in their usage of developer tools, consulting & business services and retail companies are catching up!