2020 Businesses @ Work (From Home): Finance


The world has changed

The COVID-19 pandemic has created unprecedented challenges for organizations around the world. With millions of people suddenly working from home for the first time, companies need ways to ensure productivity, connectivity, and security—quickly.

The finance and banking industries face new challenges on two fronts. On the workforce side, many financial institutions have had to quickly scale up, enabling remote call centers to maintain customer service quality, and others have scrambled to handle an overwhelming surge of loan applications as customers refinance loans. For their customers, financial institutions know that high call volumes increase the risk of fraud; as a result, many want to strengthen customer authentication without frustrating customers. Institutions are also accelerating their shift to digital banking and wealth management services as customer engagements are being forced online.

This mid-year update to Businesses @ Work looks at the data from the Okta Integration Network (OIN) to understand how organizations are employing new apps and increasing adoption of existing technology to improve productivity and secure their remote workforce during this unique crisis. Our network now includes nearly 8,000 customers and over 6,500 integrations with cloud, mobile and web apps, and IT infrastructure providers. This version of the report has been customized specifically for finance and banking industries.

B W Finance Fastest Growing Apps and Tools by Unique Users across All Industries

WFH: More apps and tools, more comfy pants

Each month we see an overall uptick in the number of apps deployed as companies adopt more tools to get work done. Other than a typical dip in December around the holidays, our total number of unique users tends to uptick steadily as well. Between this February and March, that uptick grew substantially as more users adopted new functionality. We see growth in two major areas across our network: collaboration tools, especially video conferencing apps, and network security tools such as VPNs that extend secure access to remote workers.

Our fastest growing apps were determined by the percentage increase in the number of unique users who logged in at least once during a 30-day period ending March 31 compared to a 30-day period ending February 29. Note that our data looks primarily at workforce usage.

Video conferencing has suddenly become pervasive in our lives: not only do home-based workforces need it to be productive, but families are using video conferencing to stay in touch, friends are scheduling get-togethers, and both educational and extra-curricular classes are moving online. So it will probably come as no surprise that three of our top seven fastest growing apps across our overall network are video conferencing tools. Zoom was the fastest growing app in the OIN with an amazing 110% growth in unique workforce users in March over February, 2020. (For comparison, Zoom grew only 6% during that same time period in 2019.) RingCentral ranks at #6 with 39% growth, and Cisco Webex takes #7 with 37% growth in that same month-over-month period.

Network security and performance tools share the spotlight. Palo Alto Networks GlobalProtect showed 94% growth in March over February, compared to 20% for that same period in 2019. Cisco AnyConnect was close behind with 86% growth. These VPN tools provide security and ensure business continuity as organizations move workforces to the cloud at scale. Citrix ADC, which accelerates application performance and secures apps from attacks, had 56% month-over-month growth in that same period.

Proofpoint Security Awareness Training was the fifth fastest growing app, with 40% growth in March over February, indicating that companies aren’t just scrambling to get everyone up and running remotely—they are taking the extra step to protect the organizations’ notoriously weakest link, human error. Proofpoint also appeared at #10 with 22% growth, representing the increased usage of their Proofpoint Protection Server, Proofpoint Secure Share, and ProofPoint Threat Insight Dashboard products.

An unexpected transition to working from home often requires a new set of problem-solving skills. Many users are turning to Freshservice for their cloud-based IT service desk solution: between February and March of 2020, the number of unique users grew 25%. And LinkedIn Learning experienced 23% month-over-month growth, showing us that users are expanding their skill sets and possibly using this time to invest in themselves.

Finance and Banking

Fastest Growing Apps by Unique Users

Citrix ADC: 99%
Zoom: 98%
Palo Alto Networks GlobalProtect: 62%
Cisco Webex: 28%
Slack: 25%

Between February and March, finance and banking professionals increased their use of network security and performance tools, including Citrix ADC and GlobalProtect.

The industry needed to add collaboration tools in order to work remotely. Zoom, Webex, and Slack all saw significant increases in unique users over the prior month.

Percentage Change in B W Finance Finance and Banking Sector Unique Users Accessing Apps

We took a closer look at our fastest growing apps and tools to see how the percentage growth of unique users changed day by day from late February through March, looking for a correlation between the growing impact of the pandemic and users’ behavior. We used a 28-day comparison to ensure weekdays are always compared to weekdays.

Looking at typical weekday login cycles across all industries, we estimate that Friday, March 6, 2020 was the last day of “normal” app usage, before user activity was affected by the pandemic. Across our network, looking at all industries, we see a general upward trend beginning on Monday, March 9, 2020 for many apps.

In the banking and finance sector, Zoom had the biggest peaks in increases in unique users when compared to 28 days prior. On March 17, 23, and 27, Zoom reached peaks of 216%, 240%, and 220%, respectively. On March 20, Webex hit a peak of 69% growth and Slack hit a peak of 32% growth. On March 23, GlobalProtect reached a peak of 208%, and Citrix ADC reached a peak of 176%, which it hit again on March 26.

Many factors have impacted the number of logins during this period of time, but we noticed that specific moments in time, such as government-issued social distancing directives, correlated to jumps in usage. By Monday, March 16, many European countries had announced lockdowns; we saw a sharp increase in unique user logins, especially for Zoom, GlobalProtect, and Citrix ADC, compared to the previous Monday. On Friday, March 20, California began a shelter-inplace directive, and New York asked non-essential businesses to close. By the time the UK announced lockdowns on Monday, March 23, Zoom reached its peak increase in unique users.

After seeing the significant change in the percentage of unique users accessing these apps each day, we were interested in “double clicking” on the number of daily logins for the three top apps: GlobalProtect, Zoom, and Citrix ADC. We compared the data from January 13 through March 31, 2020, against the same period in 2019. All three apps had similar trend lines, with steep growth after March 13.

B W Finance Finance and Banking Sector Logins to Palo Alto Networks GlobalProtect

As finance and banking organizations plan to onboard large numbers of employees to work remotely with uninterrupted access and a seamless user experience, rapidly scaling secure remote access capacity is key. GlobalProtect extends network security to endpoints to protect an organization’s mobile workforce, regardless of location.

B W Finance Finance and Banking Sector Logins to Zoom

Zoom had already surpassed Cisco Webex to become the top video conferencing tool in our overall network by 2018, and the app showed a meteoric rise in our 2020 Businesses @ Work report. Zoom has become a go-to tool not just for remote finance and banking workforces, but as a way to maintain relationships and commitments outside of work as well.

B W Finance Finance and Banking Sector Logins to Citrix ADC

Finance and banking organizations often deal with diverse application environments across hybrid, on-prem, and cloud infrastructures. Having a newly-remote workforce adds another layer of complexity. Tools like Citrix ADC enable high performance application use from anywhere.

Security: now more than ever

Attackers are trying to take advantage of the chaos around the COVID-19 pandemic by launching a flood of phishing and identity attacks. Barracuda researchers have observed a 667% increase in spear-phishing attacks since the end of February, 2020. Even the FBI has issued a warning about an increase in fraud schemes due to the pandemic. Next Caller reports that about 32% of 1,000 surveyed Americans believe they've already been targeted by fraud or scams related to COVID-19, and the company predicts “a second wave of fraud will leverage broadscale confusion and the sheer volume of activity...to prey on desperate individuals and overwhelmed businesses.” Add in a nation waiting for stimulus checks, and opportunities abound for deception. With the traditional perimeter gone, finance and banking institutions need to protect their workers and customers more than ever.

Evolving attacks leverage fears and changes in behavior

Proofpoint, an Okta partner, has observed the rapid rise of COVID-19 lures. Threat actors are actively using COVID-19 social engineering themes to try to take advantage of remote workers, health concerns, stimulus payments, trusted brands, and more. As the pandemic has occurred over a number of weeks, and remains an area of concern worldwide, the overall collective volume of lures only continues to increase.

This winter, attackers have shifted very quickly from holiday-based lures to COVID-19 lures. Attacks come in many forms. For example, in a business email compromise, the sender may request “urgent” help under the guise that the sender’s town is locked down. Attachment threat emails may look like an internal office email with instructions to download an attachment about how to stay safe from the disease. URL-based threats also may look like an internal office email requesting employees fill out a survey about disease awareness, or register for a “mandatory” seminar. COVID-19 was used in conjunction with well known brands and entities such as financial institutions and technology companies, as well as more specific brands such as the World Health Organization (WHO).

As we have seen in data from the OIN, video conferencing adoption as a whole has increased considerably, so it’s no surprise attackers are trying to leverage these top apps. Since March 27, 2020, Proofpoint researchers have observed an increase in video conferencing company-themed attacks seeking to steal credentials and distribute malware. These attacks do not leverage or attack video conferencing software directly: threat actors are using the names and brands of these video conferencing companies as themes in their social engineering lures, which lead to the theft of various account credentials, malware distribution, or credential harvesting for these spoofed video conferencing accounts.

While all industries have been targeted, Proofpoint has seen specific targeting of healthcare, education, manufacturing, media, advertising, and hospitality organizations in certain attack campaigns.

Percentage Change in B W Finance Finance and Banking Sector Unique Users Authenticating with Each Factor

Users ramp up Multi-Factor Authentication for protection

As more and more people work from home, organizations are using Multi-Factor Authentication (MFA) to ensure their remote workforce has secure access to company data. In the past month, we've seen especially large upticks in certain factors network wide. In the finance and banking industry, Okta Verify (including Okta Verify with Push notifications) has shown the most growth in the percentage of unique users per day, hovering around a 100% increase over 28 days prior. Google Authenticator, Voice, and Duo showed significant growth as well. YubiKey and SMS both ended the month with 25% growth. Our customers are reacting quickly and implementing factors that are easiest to deploy— “some MFA is better than none.” Our annual Businesses @ Work data tells us that many customers, especially newer customers, will migrate to using fewer but stronger factors.

Now, and looking forward

Our banking and finance customers around the world have reacted to the pandemic quickly, rolling out remote communication apps, extending VPNs, and adding MFA to ensure the productivity, connectivity, and security of their (now) remote workforces. This first phase of evolution enables remote work so financial institutions can thrive.

Once the dust settles, we believe financial institutions will be ready to face a second phase of evolution, adding apps and tools that will not just enable remote productivity, but enhance what will likely become a “new normal” of dynamic work.

Tips for Enabling Secure Access for a Remote Workforce


To create our Businesses @ Work reports, we anonymize Okta customer data from our network of thousands of companies, applications, and IT infrastructure integrations, and millions of daily authentications and verifications from countries around the world. Our customers and their employees, contractors, partners, and customers use Okta to log in to devices, apps and services, and leverage security features to protect their sensitive data. Our customers span every major industry and vary in size, from small businesses to enterprises with hundreds of thousands of employees or millions of customers. As you read this report, keep in mind that this data is representative of Okta's customers, the applications we connect to through the Okta Integration Network, and the ways in which users access these tools through our service.

We have worked carefully to standardize our data. Unless otherwise noted, this report presents and analyzes data from January 13, 2020, to March 31, 2020. When looking at daily trends, we look at data from week days, excluding weekends.

This report looks at apps deployed for corporate and personal use. Unless otherwise specified, the data included in this report is limited to Okta customers that have deployed at least one app through the Okta Integration Network.