Over 160% Rise in Use of High-Risk Apps and Websites with 64% of Workers Now Remote
The latest 2020 Edition of the Netskope Cloud and Threat Report, reveals a massive shift in user behaviour, specifically the trend of personal use of managed devices, and the increased risk that comes with this shift. The report focuses on four key areas, those being: network inversion (where work is conducted remotely outside the confines of the workplace, where the majority of security investments have been focused); personal use of managed devices; cloud threats; and insider threats.
- 64% of workers are now remote, a 148% increase with the pandemic;
- 161% increase in visits to high-risk apps and sites;
- 97% increase for personal use of managed devices;
- 80% increase in the use of collaboration apps;
- Cloud-based malware delivery (vs web) increased to 63%.
We are in new territory with the pandemic; working remote, meeting online, and facing new challenges daily. Changes in user behaviour have been dramatic in the first half of 2020 as work and life have mixed together. An alarming trend for security teams is the use of risky apps and websites, including adult content from managed devices.
Device sharing at home is validated by the traffic to websites and apps categorised as Education and Kids, where managed devices are used for remote education efforts within families. Even with an increase in personal use of managed devices and high-risk websites, the most popular apps remain the leading delivery method of cloud-enabled threats and malware. And finally, as expected, the use of collaboration apps increased significantly as remote teams aim to stay connected.
The report breaks out the average number of apps used by company size, from the hundreds of apps for smaller organisations to over 7,000 apps and cloud services for the largest enterprises.
Key Focus Areas
The COVID-19 pandemic accelerated network inversion by more than doubling the number of people working remotely. Along with this increase in remote work came:
- An 80% increase in the use of collaboration apps as remote workers sought to remain connected with their colleagues;
- And a two per cent increase in the total number of cloud apps being used in the average enterprise.
Personal Use of Managed Devices
When working remotely, the lines have blurred between business and personal use as employees are much more likely to use their devices for personal reasons and engage in risky activities. Personal use of devices increased by 97% and use of risky apps and websites increased by 161%.
Cloud adoption attacks continue to grow with the two most common techniques being cloud phishing and cloud malware delivery. Cloud malware delivery increased its lead over web malware delivery by four points, to 63%. The most popular cloud apps continue to be the apps most abused by attackers.
Seven per cent of all users uploaded sensitive corporate data to personal instances of cloud apps. This put sensitive data at risk of inappropriate use and theft.
A list of almost 50,000 Fortinet VPN devices vulnerable to CVE-2018-13379 has been leaked to a hacker forum. Researchers have commented that slow patching procedures have left a large number of organisations vulnerable to the two-year-old exploit.
It is by understanding the biggest risks to your sector, that you will understand the most effective ways of managing those risks. And with healthcare becoming one of the most vulnerable and highly-targeted industries in the world – it’s time we addressed the issue…
Secrutiny, a cybersecurity managed services company and incident response specialist, expands into Europe via Dutch subsidiary. Headquartered in Amsterdam, led by regional managing director Patrick van Arendonk, Secrutiny NL will be the company’s first office in continental Europe.