Multi-Factor Authentication Sees Huge 40% Jump in 2016

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
The use of multi-factor authentication (MFA) has jumped by more than 40% year-over-year in 2016.

According to a survey from SecureAuth Corp., in 2015, 66% of organizations were using MFA in some capacity. In 2016, that number has jumped to an impressive 93%.

More than half (51%) are using MFA across the organization, while 38% have implemented it in some areas. About four percent of respondents are on the bleeding edge of identity access management, having shed the use of passwords entirely in favor of adaptive authentication.
In looking ahead to 2017, more than 30% of organizations are looking to expand or implement MFA in the next 12 months.

“Using a second-factor can be a deterrent but is no longer enough against attacks, and organizations must evolve their methods to safeguard critical points of access such as Single Sign-On (SSO) portals and the VPN,” said Keith Graham, CTO of SecureAuth. “By implementing adaptive access authentication, organizations can both eliminate that threat vector and provide an outstanding user experience. The latest advances in adaptive authentication include transparent techniques, such as device recognition, geo-location, the use of threat services, and even behavioral biometrics.”

Drilling down further, large organizations, with more than 2,500 employees, are adopting MFA at a higher rate. The findings reveal that 63% are using MFA across their organization with 21% choosing adaptive authentication over traditional two-factor authentication (2FA). It also showed that medium-sized businesses, those with 250-2,499 employees, are the most interested in MFA in 2017, and 41% plan to implement or expand their MFA deployments.

In contrast, small organizations (fewer than 250 employees) are the least likely to use MFA. About a fifth (21%) are not using any form of MFA and have no plans to implement it in the next 12 months.

The study also looked at awareness and found that 82% of respondents reported a concern about the misuse of stolen valid credentials to gain access to the organization’s assets and information. Gaining access with stolen usernames and passwords is one of the most common methods that attackers use during a breach—so these fears are not in vain.

“It goes hand-in-hand that the increased implementation of multi-factor authentication and growing interest in expanding its use within organizations is driven by the top concern of misuse of stolen credentials,” said Graham. “Again and again, we see in many high-profile, and not so high-profile breaches, bad actors gaining access to organizations using valid credentials that have been compromised in some way.”

Given the broad awareness of cybersecurity issues across the populace, one would expect to see a significant budget allocation to fight cyber-criminals. In fact, 60% of organizations plan to increase cybersecurity spending in 2017—with one in five project increases of at least 20%. Yet when compared to 2015 data, 95% of respondents expected a spending increase and 44% projected 20% or more in additional funding. This decrease may reflect a slowing pace in cybersecurity funding. Perhaps more telling, when asked to list the biggest security challenge they expect to face in 2017, nearly half of respondents (49%) called out getting enough budget to everything critical in IT security as the biggest concern their organization will face in 2017.

Although Multi Factor Authentication is not nearly enough to prevent attacks it is a deterrent and one that most should embrace.
Cyber Crime fighting budgets are really not what they should be which leaves organizations,businesses and the average Joe to fend for themselves.
 

Svoll

Level 13
Verified
Top Poster
Well-known
Nov 17, 2016
627
My first exposure to MFA was something called Blizzard Authenticator (Hello WoW fans!) and have adopted it gradually over the years. MFA vastly improved over the last year or so, most sites you no longer have to manually enter in the keys and are given prompts to approve or deny and have gotten a lot more user friendly and less of a hindrance.

Can't wait to see what MFA has in the future for 2017 and beyond, I am certain cyber criminals are finding methods to defeat it.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Might try a password manager now as well as MT's MFA email verify. Really don't have that much of a chance for such things since they involving phones which I don't own one.
yes, that no phone issue is a deal-breaker for me. I do have a cell phone but can't receive SMS on it. Besides that, I don't have good reception in my work room.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top