Passwords on the Rise Despite Evidence that They are Increasingly Unable to Protect, Finds Thales
- Almost a third (29%) of organisations across Europe and the Middle East see usernames and passwords as one of most effective access management tools, despite inherent weaknesses
- More than half (57%) of companies believe that unprotected infrastructure such as new IoT devices present the biggest targets for cyber-attacks, ahead of cloud apps (55%) and web portals (43%)
- Over two-thirds (67%) of IT leaders feeling under pressure to balance convenience and security
According to the 2020 Thales Access Management Index – Europe and Middle East Edition1 – nearly a third (29%) of organizations in Europe and the Middle East still see usernames and passwords as one of the most effective means to protect access to their IT infrastructure, two years after the inventor of the complex static password admitted they don’t work. In fact, 67% of respondents indicate that their organisations plan to expand its use of usernames and passwords in the future. This continued reliance on outdated security comes despite IT leaders revealing it is increasingly easier (48%) to sell the need for security to their boards compared to last year (29%).
Surveying 400 IT decision-makers across Europe and the Middle East, Thales’s new research found that the majority (57%) of IT professionals revealed that unprotected infrastructure is one of the biggest targets for cyber-attacks. Therefore any organization utilising it, as a result of business pressure driving them to adopt digital transformation technologies, are likely to be putting themselves at a higher level of risk.
Solving the Security vs. Convenience Conundrum
With the Covid-19 global pandemic causing many companies to work from home, IT departments are battling to provide employees with both security and convenience. In fact, over two-thirds (67%) of European IT leaders say their security teams feel under pressure to provide convenient access to applications and cloud services for users, but still maintain security – an indication they’re struggling to balance their digital transformation and security priorities. To this end, 96% believe that strong authentication and access management solutions can facilitate secure cloud adoption. Over three-quarters (76%) also revealed employee authentication needs to be able to support secure access to a broad range of services including virtual private networks and cloud applications.
Making small improvements
While some organisations still rely on legacy authentication methods like usernames and passwords, growing awareness of the threats is prompting action with almost all (94%) organizations having changed their security policies around access management in the last 12 months. Staff training on security and access management (47%), increasing spend on access management (43%), and access management becoming a board priority (37%), have all seen an increased focus. This is set to pay off in compliance terms too, with nearly all (98%) European respondents admitting controlling who has access to their company’s data. This will help them meet data regulation requirements like GDPR.
Two steps forward, one step back
Looking ahead, some IT leaders are set to potentially use their influence at board level more wisely, with investment in the use of more secure methods such as biometric authentication (75%) and smart SSO (81%) set to increase in the next year. However, a third (67%) still plan to expand their use of usernames and passwords, which is a similar size to those intending to further utilise passwordless authentication methods (70%).
1The 2020 Access Management Index, is a survey of 400 executives in 7 countries in Europe and the Middle East with responsibility for, or influence over, IT and data security. The survey, reporting and analysis was conducted by Vanson Bourne, commissioned by Thales.