New York, NY – July 13, 2022 – HYPR, The Passwordless Firm™ and Vanson Bourne, at this time launched a brand new report that reveals the monetary sector is failing to fight the largest menace in cybersecurity – compromised credentials. Findings present that 80% of monetary service organizations skilled at the very least one cyber breach previously 12 months associated to a weak point in authentication, but solely one-third of organizations modified their authentication strategies following the breach, leaving a big quantity extremely uncovered to future assaults and breaches. The State of Authentication within the Finance Business report additionally reveals there’s a acknowledged resolution to fight such assaults, with a convincing 89% stating that passwordless authentication is required to succeed in the best ranges of safety.
The report, which shares insights from 500 IT safety decision-makers within the monetary sector, represents a cross-section of small and medium companies and enterprise corporations spanning the U.S, U.Ok, France and Germany. Findings uncover the burden that present authentication practices are leaving on monetary organizations globally, particularly the high-risk cracks in safety, pressure on budgets and general operational disruption. Extra importantly, the outcomes determine the discrepancies round “perceived” and “precise” authentication safety.
Over the past 12 months, an alarming 85% of surveyed organizations confronted a cyber breach; extra startlingly, almost three quarters (72%) skilled a number of breaches in the identical timeframe – driving the annual common to a staggering 3.4 breaches per yr. Remarkably, 90% of those victims nonetheless imagine their present authentication strategy is safe, regardless of information proving in any other case. Of those assaults:
● 36% reported phishing as probably the most prevalent sort of assault, adopted intently by malware and credential stuffing, equally at 31%, and push notification assaults at 29%.
● The annual common direct value of authentication-related cyber breaches was $2.19 million, not factoring in intangible and hidden prices.
● Practically one third misplaced prospects to their opponents and skilled a lack of worker (29%) and buyer information (26%) within the aftermath of the breach.
“The finance business is on the forefront of cybersecurity. As one of the crucial focused sectors for assault, monetary providers corporations have a powerful observe file of adopting new, revolutionary protection applied sciences to ship the safety that shoppers want,” mentioned David Reilly, Safety and Monetary Providers Strategic Advisor and former CIO and CTO for Financial institution of America. “Whereas enhancements in perimeter, community and behavioral analytics have superior, authentication safety has not moved on the similar tempo. We now have the chance to make a step-function change and enhance authentication safety by eradicating the danger of static passwords and credentials which will be discovered and leveraged by attackers. Eliminating the static password danger is the strategic path ahead.”
Monetary Organizations Have a False Sense of Safety Concerning Multi-Issue Authentication
The monetary sector is probably the most extremely focused business for cyberattacks, and probably the most forward-thinking and progressive with know-how adoption. Regardless of that, a considerable proportion of respondents (32%) admit that their staff are utilizing legacy authentication strategies equivalent to SMS and OTPs, and near one-quarter (22%) use usernames and passwords solely. The report findings highlight a disconnect as 84% really feel that conventional MFA offers full safety and on the similar time, 99% agree that their present authentication strategies are insufficient.
“The Monetary Providers business, like many others, is going through a paradox. Knowledge reveals that conventional authentication strategies are perceived to be efficient however the information additionally clearly reveals that these strategies don’t present sufficient safety, leaving organizations uncovered to unacceptable danger. On the similar time, the dimensions of assaults and malicious strike strategies are quickly rising, widening this vulnerability hole,” says Bojan Simic, co-founder, CEO and CTO of HYPR. “Ongoing steering and mandates from authorities our bodies equivalent to CISA are a vital step ahead in elevating the crimson flag and calling for quick motion for stronger controls. Passwordless MFA is the gold commonplace and have to be the muse of all safety methods – the info speaks for itself.”
Advantages of Passwordless Authentication Are Recognized with Improved Person Expertise and Safety Main The Approach
89% of monetary organizations perceive that passwordless authentication is required each to attain the best stage of authentication safety and to make sure person satisfaction. 9 out of ten additionally agree that the price advantages are a dominant issue for passwordless adoption. Elements equivalent to password fatigue, impacts to productiveness and assist desk prices are main adoption drivers. Moreover, respondents named assembly cyber insurance coverage necessities (31%), bettering provide chain safety (31%) and supporting Zero Belief initiatives (27%) as advantages of passwordless authentication.
For extra data on HYPR go to https://www.hypr.com.