SecureAuth Study Reveals Huge Gap in Manufacturers' Faith in Cyber Security
London, August 19, 2015 – Access control innovator SecureAuth claims manufacturers are leaving themselves wide open to attack from bad actors in its latest survey. Whilst 73% of IT directors in the sector think they are adequately protected from internal and external threats, the data shows it is one of the weakest sectors in the UK economy for ensuring adequate access controls.
A recent UK government report laid bare the extent of the problem ‒ 90% of large organisations and 74% of small businesses across all sectors in the UK suffered significant security breaches in the past 12 months, with damage to corporate reputation and physical costs as a result.
Craig Lund, CEO of SecureAuth said, “The perception and reality of IT protection in the manufacturing sector is badly misaligned. Questions must therefore be posed as to whether manufacturing businesses are acutely aware of the threats to their data and as to whether they are accurately assessing the risks of a potential breach.
“When a data breach does occur, the costs can be massive, not just due to post-breach data clean-up costs, but also complying to the legislative reporting standards and the cost of losing intellectual property. It is far more cost effective to have the necessary access controls in place up front, than try and rectify a data breach afterwards.”
Manufacturers have a great deal of valuable data they need to protect. They are vulnerable to external threats, such as industrial espionage, malicious hacking groups or nation state actors, or internal threats from employees or partners. At present, a third of manufacturing organisations (35%) use passwords alone as their main method of IT security access. It leaves them vulnerable to external exploits, or internal threats where employees gain access to areas beyond their remit.
Lund continued, “It does not appear as though adequate protective measures are in place for most manufacturing companies, both large and small. This is a finding which is both eye-opening and a bit disappointing. Despite numerous high-profile cyber-attacks this year that exploited compromised passwords, many businesses are simply not taking the necessary security precautions. This reliance upon single-factor authentication means that companies are putting their trust in only one threshold of defence and taking an unnecessary gamble with their security.
“To be truly effective, companies must look beyond password controls and consider deploying adaptive and two-factor authentication methods. These can employ a variety of methods with a combination of what somebody knows and what they have, including passwords alongside phone tokens, biometrics, or device fingerprints for instance.”
The fallout of a single breach encompasses severe costs and an extensive remedial process that can see measures as drastic as having to change the nature of business. Government data reveals that 11% of organisations succumbed to this latter option within the last 12 month period.
And yet according to SecureAuth’s latest study it does not appear as though the manufacturing industry has any plans to change or enhance their security in the foreseeable future with 16% of companies maintaining that sole password access will remain an integral aspect of their organisation’s security.
The threats to company data exist on both an external and internal front. The biggest concern of manufacturing companies (55%) is that employees could compromise access to their corporate network either intentionally or unintentionally. In light of government report data, which revealed that 50% of the worst breaches in the year were caused by inadvertent human error, this concern does not seem misplaced.
Employees are often accessing their organisation’s IT network remotely and 43% of organisations see each employee logging in through, on average, two different devices per week. And yet in consideration of the different devices people use to access their organisation’s network remotely, 20% have only one access control and authentication method in place for security. This information is especially alarming in reflection of government data revealing that 15% of large organisations had a security or data breach in the previous year involving smartphones or tablets.
An industry falling behind
At present only 4% of organisations in the manufacturing industry are using a combination of passwords, biometrics and tokens as their main method of IT security access, far fewer than in other industries; professional and financial services (9%), IT/Telecoms (12%), entertainment, hospitality & leisure (10%). This data points to manufacturing organisations falling behind in their security measures by not advancing at the same rate as other industries.
The sector also does not take advantage of adaptive authentication methods, where systems are designed to measure the risk associated with a user’s identity by evaluating a variety of risk indicators. This includes the geographic location of the user, their device profile, and other data to make additional checks on their authenticity.
The research, conducted by Opinium for SecureAuth, studied the approach businesses have to their IT security and access control and all figures unless otherwise stated are from Opinium. Total sample size was 500 IT decision makers in organisations in the UK with 50 or more employees. Fieldwork was undertaken between 20th February and 4th March 2015. The survey was carried out online.
SecureAuth’s identity and information security solutions deliver innovative access control for on-premises cloud, mobile, and VPN systems to millions of users worldwide. With adaptive and multi-factor authentication alongside and single sign-on in one solution, SecureAuth IdP’s unique architecture enables organizations to leverage legacy infrastructures while also embracing next generation technologies. This preserves existing investments while also meeting today’s security challenges. For the latest insights on secure access control, follow the SecureAuth Blog, follow @SecureAuth on Twitter, or visit www.secureauth.com
Atomic PR for SecureAuth
+44(0)207 025 7507