Companies persist with outdated authentication policies

Although authentication is the cornerstone of cybersecurity, risk mitigation strategies remain outdated, according to new research from Enzoic.


As the attack surface expands and cyber threats become more sophisticated, organizations are struggling to provide secure, user-friendly authentication. The study found that despite the emergence of modern strategies, most companies still rely on traditional approaches.

According to the Verizon 2023 Data Breach Investigations Report, many of them do not follow best practices when it comes to password management, putting them at risk because compromised credentials account for more than 50% of breaches.

“Authentication strategies are firmly in the crosshairs of cybercriminals,” said Michael Greene, CEO of Enzoic. “Despite this recognized vulnerability, organizations continue to deploy archaic strategies that fail to eliminate authentication mechanisms as a threat vector. The much-vaunted passwordless future is not on the horizon for most organizations. It is therefore essential to adopt modern and robust password policies that do not add friction for users.”

The passwordless reality

Only 12% of businesses rely on passwordless policies, while 68% primarily use usernames and passwords for authentication. 46% plan to phase out passwords over the next three years. However, 19% have no such plans, showing that despite the problems, passwords remain an important authentication mechanism.

To best protect their digital assets, organizations that use the predominant authentication method, passwords, should prioritize updating their practices to reflect more modern password policies. MFA may be a compensating control, but it is intended to enhance, not replace, strong password measures. By closely monitoring the dark web and eliminating exposed credentials used in their environment, organizations can effectively guard against a common entry point for attackers.

The Dark Web Dilemma

84% are concerned about weak and compromised passwords. However, many are unaware of the risks they face. 46% believe a fifth of their passwords could be found on the dark web, 26% are unsure if their organization’s passwords can be found on the dark web, and 56% have experienced issues with MFA, such as usability or compatibility.

Cyberattack prompts action

However, when a company falls victim to an authentication-related cyberattack, it is often necessary to strengthen its defenses.

Following an attack:

  • 38% conduct regular security audits and vulnerability assessments
  • 28% implement MFA
  • 30% strengthen password policies
  • 26% raise user awareness
  • However, 10% make no changes after an attack!

Lack of knowledge about password best practices

Despite guidance on password best practices published by NIST in 2017, 54% of organizations have only heard of the framework in the last 12 months, and 33% remain unaware. This is reflected in the fact that 74% of businesses still rely on periodic password resets and outdated character rules.

The direct consequence of this lack of knowledge is that password policies remain outdated, increasing the likelihood of an attack.

“It is imperative that businesses move beyond the passwordless hype and take steps today to strengthen credential security,” Greene explained.
