October 14, 2016 by Canadian Underwriter
Reliance on largely ineffective traditional authentication techniques is building as efforts to do away with passwords – cited by 69% of polled respondents in the United States – is ebbing, note new survey results from SecureAuth Corporation.
Commissioned in conjunction with Wakefield Research, the survey results from SecureAuth Corporation explored industry perspectives on passwords and authentication. Involving 200-plus IT decision makers (ITDMs) south of the border, the poll was conducted using an email invitation and online survey.
Alarmingly, the survey found that organizations on average are only protecting 56% of their assets with multi-factor techniques, notes a statement Thursday from SecureAuth, a California-based provider of access control solutions.
Respondents cited as their top reasons for not yet making improvements to their authentication strategy as company executives and disruption to users’ daily routine, each noted by 42% of those taking part in the poll.
The top two hindrances were followed by a lack of resources to support maintenance, cited by 40% of respondents; a steep employee learning curve, noted by 30%; and fear that the improvements would not work, reported by 26%.
“On the heels of recent mega breaches such as Yahoo!, in which usernames, passwords and security question responses were compromised, there’s a growing movement from individuals and businesses for an authentication overhaul,” Craig Lund, CEO of SecureAuth, says in the company statement.
“Single-factor, password-based authentication – and even many traditional two-factor approaches – are no longer enough in today’s increasingly digital world,” Lund argues.
The high costs associated with cyber attacks, “it’s in everyone’s best interest to make it more difficult for attackers to cause further damage to our economy,” he adds.
Stolen credentials are at the core of a startling number of breaches, SecureAuth reports, citing the Verizon report, 2016 Verizon Data Breach Investigations Report, which found that 63% of the attacks the company studied leveraged weak, default or stolen credentials at some point in the attack.
“While companies are learning that password-only policies leave their organizations vulnerable, many ITDMs and C-level executives are still hesitant to evolve and update their authentication strategies,” Lund contends.
Calling it a tough balancing act, he acknowledges that “organizations must confirm user identities with the strongest forms of access control while also balancing a positive and non-intrusive user experience.”
Other survey findings include the following:
“Basic two-factor authentication alone is no longer enough – and it’s time for companies to adapt,” SecureAuth notes in the statement.
“Organizations are using outdated authentication approaches that require extra steps for users, and are ineffective against today’s advanced attacks,” argues Keith Graham, CTO of SecureAuth, maintaining that organizations need to evolve and strengthen defences against cyber adversaries.
“Those that are forward-thinking are implementing modern, behind-the-scenes adaptive risk checking that increases security while not getting in the way of the end-user experience,” Graham says.
“Strong security during authentication no longer has to be at the expense of the end-user,” he continues.