Over 160% Rise in Use of High-Risk Apps and Websites with 64% of Workers Now Remote
The latest 2020 Edition of the Netskope Cloud and Threat Report, reveals a massive shift in user behaviour, specifically the trend of personal use of managed devices, and the increased risk that comes with this shift. The report focuses on four key areas, those being: network inversion (where work is conducted remotely outside the confines of the workplace, where the majority of security investments have been focused); personal use of managed devices; cloud threats; and insider threats.
- 64% of workers are now remote, a 148% increase with the pandemic;
- 161% increase in visits to high-risk apps and sites;
- 97% increase for personal use of managed devices;
- 80% increase in the use of collaboration apps;
- Cloud-based malware delivery (vs web) increased to 63%.
We are in new territory with the pandemic; working remote, meeting online, and facing new challenges daily. Changes in user behaviour have been dramatic in the first half of 2020 as work and life have mixed together. An alarming trend for security teams is the use of risky apps and websites, including adult content from managed devices.
Device sharing at home is validated by the traffic to websites and apps categorised as Education and Kids, where managed devices are used for remote education efforts within families. Even with an increase in personal use of managed devices and high-risk websites, the most popular apps remain the leading delivery method of cloud-enabled threats and malware. And finally, as expected, the use of collaboration apps increased significantly as remote teams aim to stay connected.
The report breaks out the average number of apps used by company size, from the hundreds of apps for smaller organisations to over 7,000 apps and cloud services for the largest enterprises.
Key Focus Areas
The COVID-19 pandemic accelerated network inversion by more than doubling the number of people working remotely. Along with this increase in remote work came:
- An 80% increase in the use of collaboration apps as remote workers sought to remain connected with their colleagues;
- And a two per cent increase in the total number of cloud apps being used in the average enterprise.
Personal Use of Managed Devices
When working remotely, the lines have blurred between business and personal use as employees are much more likely to use their devices for personal reasons and engage in risky activities. Personal use of devices increased by 97% and use of risky apps and websites increased by 161%.
Cloud adoption attacks continue to grow with the two most common techniques being cloud phishing and cloud malware delivery. Cloud malware delivery increased its lead over web malware delivery by four points, to 63%. The most popular cloud apps continue to be the apps most abused by attackers.
Seven per cent of all users uploaded sensitive corporate data to personal instances of cloud apps. This put sensitive data at risk of inappropriate use and theft.
The increasing dependence on remote working has led to an exponential rise in phishing and social engineering attacks, as Google data reveals 350% surge in phishing websites during the pandemic. We discuss phishing, social engineering and business network manipulation, and how organisations can better prepare themselves.
A critical privilege escalation exploit in Windows Server (CVE-2020-1472), codenamed Zerologon, allows an attacker to become a domain admin, even without any credentials.
Microsoft’s September Patch Tuesday fixes 129 security holes (23 of which are rated ‘critical’) in numerous versions of its Windows operating system and related software. One of the more critical patches could allow remote code execution by sending an email to a victim.