The use of multi-factor authentication (MFA) has jumped by more than 40% year-over-year in 2016.
According to a survey from SecureAuth Corp., in 2015, 66% of organizations were using MFA in some capacity. In 2016, that number has jumped to an impressive 93%.
More than half (51%) are using MFA across the organization, while 38% have implemented it in some areas. About four percent of respondents are on the bleeding edge of identity access management, having shed the use of passwords entirely in favor of adaptive authentication.
In looking ahead to 2017, more than 30% of organizations are looking to expand or implement MFA in the next 12 months.
“Using a second-factor can be a deterrent but is no longer enough against attacks, and organizations must evolve their methods to safeguard critical points of access such as Single Sign-On (SSO) portals and the VPN,” said Keith Graham, CTO of SecureAuth. “By implementing adaptive access authentication, organizations can both eliminate that threat vector and provide an outstanding user experience. The latest advances in adaptive authentication include transparent techniques, such as device recognition, geo-location, the use of threat services, and even behavioral biometrics.”
Drilling down further, large organizations, with more than 2,500 employees, are adopting MFA at a higher rate. The findings reveal that 63% are using MFA across their organization with 21% choosing adaptive authentication over traditional two-factor authentication (2FA). It also showed that medium-sized businesses, those with 250-2,499 employees, are the most interested in MFA in 2017, and 41% plan to implement or expand their MFA deployments.
In contrast, small organizations (fewer than 250 employees) are the least likely to use MFA. About a fifth (21%) are not using any form of MFA and have no plans to implement it in the next 12 months.
The study also looked at awareness and found that 82% of respondents reported a concern about the misuse of stolen valid credentials to gain access to the organization’s assets and information. Gaining access with stolen usernames and passwords is one of the most common methods that attackers use during a breach—so these fears are not in vain.
“It goes hand-in-hand that the increased implementation of multi-factor authentication and growing interest in expanding its use within organizations is driven by the top concern of misuse of stolen credentials,” said Graham. “Again and again, we see in many high-profile, and not so high-profile breaches, bad actors gaining access to organizations using valid credentials that have been compromised in some way.”
Given the broad awareness of cybersecurity issues across the populace, one would expect to see a significant budget allocation to fight cyber-criminals. In fact, 60% of organizations plan to increase cybersecurity spending in 2017—with one in five project increases of at least 20%. Yet when compared to 2015 data, 95% of respondents expected a spending increase and 44% projected 20% or more in additional funding. This decrease may reflect a slowing pace in cybersecurity funding. Perhaps more telling, when asked to list the biggest security challenge they expect to face in 2017, nearly half of respondents (49%) called out getting enough budget to everything critical in IT security as the biggest concern their organization will face in 2017.