By Paul Wiederkehr, Product Marketing, SecureAuth
Data protection and personal privacy is a very popular and important topic as more and more people are connecting to resources and transacting with businesses across the internet. In just 30 short years, the internet has gone from 45M online users to 4.3B active online users. The sheer amount of traffic on the internet has created ample opportunity for bad actors to execute malicious cyber activity predominantly for financial gain. The General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are examples of initiatives created to protect citizens by providing a standard set of rules for how consumer data and privacy is managed and protected. Of course, these organizations are focused on well-intentioned businesses.
How do businesses operating in the financial industry confront bad actors and cyber criminals?
The financial services sector has always been a prime target for bad actors because of the compelling data these organizations maintain. The percentage of banking customers that regularly use online or mobile banking is 71% online and 43% mobile based on data from the Federal Reserve Bank Mobile Financial Services Survey. And according to the recent 2020 Verizon Data Breach Investigations Report, the finance and insurance sector continues to be a prime area of interest for bad actors. The Verizon report identified some compelling data points for the finance and insurance segment:
- Frequency: 1,509 reported incidents and 448 with confirmed breaches (13% - 2nd highest)
- Source of Threats: External (64%), Internal (35%), Partner (2%), Multiple (1%)
- Motive: Financial (91%), Espionage (3%), Grudge (3%)
- Data Type Compromised: Personal (77%), Other (35%), Credentials (35%), Bank (32%)
As many of us know, users are often the weakest link when it comes to security and that reality is not lost on bad actors. Understanding users can pose credible risk to valuable resources and data (in most cases unknowingly) as a result of social engineering and hacking tactics by bad actors, the risk and security leaders of financial institutions need to identify and implement the appropriate tools to protect and safeguard the business and its users.
In SecureAuth’s recent 2020 State of Identity Report, we conducted research across 2,000 consumers in the U.S. with approximately 50% of respondents currently in the U.S. workforce. The research produced an objective data set with respect to the security and privacy habits consumers apply in both their personal and professional lives. Following are a few of the interesting and impactful statistics identified in the report:
- People are openly sharing their passwords via text message (20%), written note (15%), and email (10%)
- 34% of director level & above associates have used one of the most common and generic passwords
- Only 38% of those in leadership positions say their work passwords are unique
- Only 56% of people have not shared their password associated with their online banking accounts
The Identity Report data reveals that many people (i.e. customers or employees) do not have the best of habits when it comes to password security. And for financial institutions, the underlying concern is people create risk and can be their own worst enemy when it comes to protecting and securing their privacy, data, and online accounts. The challenge for security and risk leaders is implementing the right access tools and user workflows to mitigate risk, improve security, and ensure users encounter a friction-free experience.
The importance of secure digital engagement with customers for financial institutions will continue to grow as mobile, online banking, and other services expand in popularity. For online users security is a top concern and the need for a modern Identity and Access Management platform that maximizes security, reduces costs, introduces flexibility, enhances user experience, and increases trust and confidence is critical for the ongoing success and growth of financial institutions.
Read the white paper: Importance of Adaptive Authentication in Financial Services to garner a better understanding of how a layered security approach to access improves the user experience and provides better protection of valuable resources and user privacy.