Findings also reveal that 8 out of 10 cybersecurity professionals are concerned about stolen credentials
IRVINE, Calif. – Dec. 15, 2016 – SecureAuth® Corporation, the leader in adaptive access control, today announced survey results that reveal organizations are adopting alternative authentication methods beyond passwords at an unprecedented rate. Commissioned in conjunction with Amplitude Research, SecureAuth surveyed more than 300 IT decision makers and cybersecurity professionals about authentication methods and cybersecurity budgets.
Prevalence of Multi-Factor Authentication Climbs
The use of multi-factor authentication (MFA) rose by more than 40 percent year-over-year. In 2015, the SecureAuth survey found that 66 percent of organizations were using MFA in some capacity. In 2016, that number has jumped to 93 percent. More than half (51 percent) are using MFA across the organization, while 38 percent have implemented it in some areas. Four percent of respondents have shed the use of passwords and rely solely on adaptive authentication. In looking ahead to 2017, more than 30 percent of organizations are looking to expand or implement MFA in the next 12 months.
Drilling down further, large organizations, with more than 2,500 employees, are adopting MFA at a higher rate. The findings reveal that 63 percent are using MFA across their organization with 21 percent choosing adaptive authentication over traditional two-factor authentication (2FA). It also showed that medium-sized businesses, those with 250-2,499 employees, are the most interested in MFA in 2017, and 41 percent plan to implement or expand their MFA deployments.
In contrast, small organizations (less than 250 employees) are the least likely to use MFA. Twenty-one percent are not using any form of MFA and have no plans to implement in the next 12 months.
Industry Concerned about Stolen Credentials
Growth of advanced identity and access management methods, such as adaptive access controls and going passwordless may be attributed to the alarming increase in breaches that involve the use of compromised credentials. A staggering 82 percent of respondents reported a concern about the misuse of stolen valid credentials to gain access to the organization’s assets and information, and their fear is not in vain. Gaining access with stolen usernames and passwords is one of the most common methods that attackers use during a breach. Once an attacker has gained initial access to the network, they elevate privileges and use these stolen credentials to move laterally throughout the organization – often without being detected for weeks or months. This allows bad actors to obtain rich data or to cause havoc within the system.
“It goes hand in hand that the increased implementation of multi-factor authentication and growing interest in expanding its use within organizations is driven by the top concern of misuse of stolen credentials,” said Keith Graham, CTO of SecureAuth. “Again and again, we see in many high-profile, and not so high-profile breaches, bad actors gaining access to organizations using valid credentials that have been compromised in some way.”
“Using a second-factor can be a deterrent but is no longer enough against attacks, and organizations must evolve their methods to safeguard critical points of access such as Single Sign-On (SSO) portals and the VPN,” says Graham. “By implementing adaptive access authentication, organizations can both eliminate that threat vector and provide an outstanding user experience. The latest advances in adaptive authentication include transparent techniques, such as device recognition, geo-location, the use of threat services, and even behavioral biometrics.
Cybersecurity Concerns Drive Bigger Budgets, But Is It Enough?
Given the broad awareness of cybersecurity issues across the populace, one would expect to see a significant budget allocation to fight cybercriminals. In fact, 60 percent of organizations plan to increase cybersecurity spending in 2017 – 1 in 5 project increases of at least 20 percent. Yet when compared to 2015 data, 95 percent of respondents expected a spending increase and 44 percent projected 20 percent or more in additional funding. This decreasemay reflect a slowing pace in cybersecurity funding. Perhaps more telling, when asked to list the biggest security challenge they expect to face in 2017, nearly half of respondents (49 percent) called out getting enough budget to everything critical in IT security as the biggest concern their organization will face in 2017.
The SecureAuth survey was conducted by Amplitude Research (www.amplituderesearch.com ) and administered to 300 cybersecurity professionals or IT decision-makers in November 2016. Results of any sample are subject to sampling variation.
SecureAuth is the leader in adaptive access control solutions, empowering organizations to determine identities with confidence. SecureAuth provides strong identity security while minimizing disruptions to the end-user. SecureAuth has been providing SSO and MFA solutions for over a decade. For the latest insights on adaptive access control, follow the SecureAuth blog, follow @SecureAuth on Twitter and on LinkedIn, or visit www.secureauth.com.
SecureAuth® is a registered trademark in the United States and/or other countries.