Overreliance on Passwords Continues to Compromise Data Security, Finds Thales

June 16, 2020

According to the 2020 Thales Access Management Index – U.S. and Brazil Edition¹– four out of ten IT security professionals still see usernames and passwords as one of the most effective means to protect access to their IT infrastructure, even though most hacking-related breaches are a result of weak, stolen or reused user credentials. In fact, the vast majority of respondents indicate that their organization plans to expand the use of usernames and passwords, even though the limitations could pose strong security challenges. This is particularly interesting given the increased remote worker environment. This continued reliance on outdated security comes despite half of IT leaders revealing secure access management is now a priority for boards of directors.

Surveying 300 IT decision-makers across the U.S. and Brazil, Thales’s new research found that the majority (68%) of U.S. IT professionals revealed that unprotected infrastructure is one of the biggest targets for cyberattacks, ahead of cloud apps (58%) and web portals (52%). Pressure to implement digitally transformative technologies also is driving businesses to adopt solutions that are likely increasing their level of risk.

Solving the Security vs. Convenience Challenge in a Time of Crisis

The recent explosion of the remote work environment brought on by the COVID-19 global pandemic has forced IT departments into a tug-of-war between security and convenience at a time when risks are at their highest. Even amidst the rapidly evolving landscape of access management, the vast majority (94%) of respondents in the report that their organization’s security policies around access management have been influenced by breaches over the past year. Despite that, more than half (58%) say they still allow employees of their organization to log on to corporate resources using social media credentials – a risky practice. In fact, less than a third (28%) view social media credentials as one of the best tools for protecting cloud and web-based authentication.

According to the report, security concerns (88%), and / or the threat of a large-scale breach (84%) are the factors most likely to drive organizations to have implemented, or plan to implement, an access management solution. This highlights the reactive approach that many organizations are taking rather than a more effective, proactive one.

Accelerated Cloud Adoption adds Further Complexity

As organizations move more and more applications to the cloud, it is essential that each application is properly secured and nearly all (97%) surveyed anticipate problems for their organization if this is not done effectively. Almost all (98%) of the respondents indicate that cloud access management is conducive to facilitating overall cloud adoption, and they want to manage access centrally. According to the report, two-factor (66%), smart single sign on (43%) and biometric authentication (39%) are viewed as the best tools for protecting cloud and web-based applications by U.S. respondents.

Strong Awareness for Better Access Control

Despite continued overreliance on authentication methods like usernames and passwords, multi-factor authentication use is increasing with nearly all (95%) of respondents reporting that they have implemented it. However, only 15% say they use a dedicated multi-factor solution. Smart single sign-on (SSO) may be the least widely (59%) adopted access management capability, but more than a quarter (26%) plan to implement this technology within the next year. In addition, a strong majority (86%) of respondents plan to expand their use of SSO, an indication of its growing importance.

“Innovation in access security allows us to overcome the reliance on passwords, which are proven to be insufficient in protecting data,” said Francois Lasnier, vice president for Access Management solutions at Thales. “Organizations that utilize cloud-based access and passwordless authentication to scale secure cloud adoption will be able to meet the increased need for improved security, especially at a time when access control is critical for today’s remote workforce. The elimination of username and passwords as a sole method of authentication and broader use of smart single sign on will result in a greater level of security and convenience as more and more applications are delivered from outside the security perimeter.”

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

Overreliance on Passwords Continues to Compromise Data Security, Finds Thales

Related Articles

Related Events

Report Abusive Comment