Tag Archives: MFA

My Four Favorite Charts from the ILTA 2022 Technology Survey

Posted on by
1

The International Legal Technology Association’s 2022 survey is a broad treasure trove of data reported from 541 law firms.

There are 11 major topics including Infrastructure, Document Management, Practice Management, and Business Continuity.

My focus is on four of the twenty-seven questions surveyed in the Security section.

  1. Password Management
ILTA 2022 Technology Survey

Password managers are one of the most highly recommended solutions for security. They help with: using complex passwords, deterring repeat usage of passwords, and providing secure storage for passwords. There is a learning curve to using a password manager, but once I got up to speed, I wondered how I would live without it. We have so many passwords to juggle these days. I am surprised that 50% of respondents are not providing a password manager.

2. Multi-factor Authentication

ILTA 2022 Technology Survey

Perhaps the single most recommended security mitigation is multi-factor authentication (MFA). Here we see Duo Security (a Cisco company) is the leader at 45%. There are three Microsoft solutions listed which total 27%.

In legal tech, it’s notable when a third-party solution is more widely adopted than a Microsoft solution as most law firms operate on the Microsoft stack.

3. What do You Secure with MFA?

ILTA 2022 Technology Survey

The largest response is VPN/Remote Access. Then Office 365. It’s very good to see high adoption of MFA for these widely used applications.

4. Which Phishing, Vishing, Social Engineering, or Security Awareness Program?

ILTA 2022 Technology Survey

KnowBe4 is the stand-out at 62%. Others used are Mimecast, Traveling Coaches, Proofpoint, managed service providers, and solutions developed in-house. Only 7% reported “None.” As phishing and social engineering are the cause of about 90% of exploits, law firms are wise to have these programs in place.

You may access the full data-rich report or the executive report from ILTA. Here is the download page.

-Maureen

F5 Labs on Phishing in 2020

Posted on by
Reply

Last week in my post on Okta’s 2021 Businesses at Work report, I mentioned the F5 Labs 2020 Phishing and Fraud Report. It is cited in the Businesses at Work report for its warning on Office 365. In brief, that warning is that Office 365 is a rich target because if an attacker breaches Office 365, they have access to email and much more, including potentially to SharePoint and OneDrive. F5 Labs warns to use Multi-Factor Authentication (MFA) with Office 365.

The F5 Labs Phishing and Fraud report is full of useful information. It’s a tutorial on phishing, a source of exploit data, and a guide as to how to protect from phishing.

In this post, I share 3 of the many images in the report to tempt you to looking at the full report.

Phishing Incidents Dealt with by F5’s Security Operations Center – F5 Labs

We’ve known for years that phishing is the number one cause of data breaches. F5 Labs estimated, as shown above, that the number of phishing incidents in 2020 was projected to increase by 15% compared with 2019.

Sample Phishing Subject Lines – F5 Labs

As anyone who has an email inbox knows, phishing perpetrators are nothing if not topical. In addition, they prey on fear. These cyber-criminals were quick to capitalize on COVID-19. Starting in March 0f 2020, fear and false information about COVID-19 became a hot subject for phishing, as this list conveys.

Steps in a Phishing Attack – F5 Labs

The report explains financial fraud, deception techniques such as custom URLs, and the trajectory of phishing in the report. It concludes with pragmatic sections on “Protecting the Business” and “Protecting Users.”

F5 Labs also explains financial fraud, deception techniques such as custom URLs, and the trajectory of phishing in the report. Phishing is a challenging problem. It is social engineering. The attackers’ schemes mutate. We humans are the weak link. F5 Labs has useful research here, free tor the reading.

-Maureen

Okta’s 2021 Businesses at Work Report

Posted on by
1

Each year I look forward to Okta’s Businesses at Work report. Okta anonymizes data from its more than 9,400 customer entities. These are customers which use the Okta Identity Network (OIN) with its over 6,500 integrations with cloud, mobile, and web apps, and with IT infrastructure providers. The report is free, not even a registration is needed. To my knowledge no other public report provides this level of data on cloud application usage.

For data lovers it’s a treasure trove of facts about cloud usage. There are over 28 charts and tables. Download it here. I’ll share a few of my favorite insights from the report.

Most Popular Apps by Number of Customers

Microsoft 365 wins. I attended a legal technology conference in 2014. In a session on SharePoint, hosted by Microsoft, the roadmap showed that Outlook, Exchange, and, yes, SharePoint were all moving to the cloud in the form of Office 365. People exited the room in fury. At that time, most law firms were adamant – No Cloud. While there will always be law firms, especially “Big Law,” which will keep Outlook, SharePoint, and the Office Suite on-premises, the adoption of Office 365 or Microsoft 365 in the legal sector has been swift over the past two years. The Okta data reflects this.

This chart shows that the gap in usage between Microsoft 365 and all other applications, including AWS and Salesforce, has only widened in the past 5 years.

Most Popular Video Conferencing Apps

This graph highlights the steep curve in Zoom usage which we all lived through in 2020. At Mobile Helix, we started using Zoom heavily in 2017. We even perform our LINK system deployments remotely over Zoom in about two hours. When the pandemic hit, we were easily able to deploy LINK with IT staff who were themselves working from home. Customers favor our over-Zoom deployment over an on-site visit as it ends up taking less of their time.

Customers Authenticating With Each Factor

Phishing has been up 220% during the pandemic per F5’s 2020 Phishing and Fraud Report (an excellent report on phishing). The Okta report quotes, “F5 warns that the login page of our most popular app, Microsoft 365 (M365), is one of the most popular targets for generic phishing because attackers know that stealing Office 365 credentials can grant them access not only to email but also corporate documents, finance, HR, and many other critical business functions.”

Strong Multi-Factor Authentication (MFA) should be used with M365. The chart above shows that of Okta customers authenticating with a factor in addition to, or instead of a password, 82% use Okta Verify. The good news here is that weaker factors such as SMS and security questions are on the decline.

One of the positive conclusions from Okta’s 2021 Businesses at Work report has to be that as difficult as 2020 was, with 38M people applying for unemployment, if it had happened even 10 years earlier, how many people would have been unable to work from home? The growth of web-based applications, cloud-based services, and mobile apps resulted in most office jobs successfully transitioning to work-from-home in two or three weeks.

2020 was The Year of the Cloud.

-Maureen