While one would think that companies have learned that it is far more damaging and expensive to repair after a hack than it is to prevent one in the first place, a new survey reveals a stubborn lack of authentication hygiene.
A market survey from SecureAuth Corp. asked respondents to answer 10 network security questions with respect to the company each represented. Results showed that 58% felt confident in their company’s protection from security breaches, yet 39% use password-only authentication measures.
Insecure passwords are of course a vector for regular exploitation in cyber-attacks. When asked who executives were most concerned would compromise the company’s network, 62% responded that they view employees as their biggest threat.
“We found the results of this survey both eye-opening and a bit disappointing,” said SecureAuth CEO Craig Lund. “Despite numerous high-profile cyber-attacks this year that exploited compromised passwords, many businesses are simply not taking the necessary precautions, such as deploying adaptive and two-factor authentication. We hope the survey results will encourage more organizations to evaluate their access control strategies and take recommended measures to improve their security to better protect their users' identities and detect bad actors in their environment.”
In response to questions regarding the future of each executive’s network security, a bright spot is the fact that 63% answered that their company plans on changing from, or enhancing, the password-only model. However, for most companies, this process will take at least two years to achieve, leaving them vulnerable for some time to come. Looking five years ahead, 19% of responders indicated that their company’s main method of IT security would be passwords, tokens and biometrics, while 18% will utilize two-factor authentication. About 16% said that they don’t know what the status of network security will be for their organization.