A day doesn’t go by that we don’t hear about a new data breach. Larger organizations are being targeted, more records are being stolen, and nothing we’re doing is stemming the tide. But at least we know how they happen. According to the 2017 Verizon Data Breach Investigations Report, 81 percent of data breaches were caused by weak or compromised passwords. The average cost of a data breach in 2017 was $3.62 million, and $6.7 million for breaches where more than 50,000 records were stolen.
So far, the majority of data breaches in 2018 have already exceeded 50,000 compromised records. Even companies using two-factor authentication are still experiencing breaches. Imagine the continued expense, not to mention damaged reputation, that breached organizations are incurring.
So why are we still using a security strategy centered around passwords? The modern password system was developed in the early 1970s, and despite minor improvements, it has remained largely the same over the last four decades. Why are we still using a security system well past its prime?
A Password-Only Approach Isn’t Working
Veridium commissioned a study by Vanson Bourne of 200 senior IT decision makers in the United States on their experiences with data breaches, passwords, and advanced authentication methods. Overall, more than half (53 percent) reported that their organization has experienced a data breach within the last five years. And believe it or not, some still use passwords alone to secure access to systems and data.
But the majority of those surveyed realize that their current strategy isn’t enough. Only 34 percent of respondents are very confident that passwords alone protect data sufficiently. This is because, at the end of the day, end users will find ways around even the strongest password policy.
Employees use many methods to bypass password security, including: reusing the same password with a different number or a special character (90 percent); writing them down (41 percent); and using a common password like “123456” or “qwerty” (32 percent).
Ultimately, employees are the weakest link in the security chain. So if you can’t change human behavior, maybe it’s time to eliminate the underlying technology.
Turning to Biometrics for Stronger Authentication
In the survey, 86 percent of IT decision makers agree that biometrics is the most secure authentication method. Sixty-three percent of those who have already experienced a data breach are implementing biometric authentication to stem further attacks.
And the rise of data breaches isn’t the only reason companies are turning to strong authentication with biometrics. New data privacy regulations such as the GDPR, increased demand from end users, and lower total cost of ownership are other influencing factors. We explore these reasons, and more data from the study, in our latest infographic.
Biometrics brings better security, increased workforce productivity, enhanced accessibility to data and protected resources, improved scalability, and increased employee satisfaction to organizations combating the problems brought on by passwords and two-factor authentication. Companies that have embraced biometrics are already benefiting from these changes.
Bringing security and convenience together is at the heart of Veridium’s single-step multi-factor biometric authentication solutions. To learn more about our solutions and discover how you can fight back against data breaches and eliminate passwords, PINs, and tokens, visit us at RSA Conference 2018, booth #3011 in the North Expo Hall, from April 16th to the 20th.