MFA and Zero Trust Adoption Prodded by Cybersecurity Events, Research Finds
IT and security decision makers understand the need and value of multi-factor authentication (MFA) and its applications but there’s a substantial disconnect between what they perceive to be highly secure MFA methods and those implemented at their organizations, a new study said.
It’s partly why more than six in 10 organizations (63%) in a survey of 169 IT and security decision makers intend to increase investments in MFA for employees over the next five years, homing in on passwordless security features (40%), BIO-key, a Wall, New Jersey-based identity access management (IAM) provider said. Along those lines, while 60 percent of organizations view biometrics as one of the most secure MFA methods, only 27 percent use the technology for employees and only 13 percent do so for customers.
BIO-key’s research also included a separate study on zero trust cybersecurity, conducted in tandem with the MFA analysis. In that survey, it found that an awareness of security threats is a key driver for organizations to adopt the strategy. For instance, of the 125 IT and security decision maker respondents, slightly more than half (53%) were influenced to adopt more secure solutions by high profile ransomware incidents, such as the SolarWinds, Colonial Pipeline and JBS cyberattacks. And, roughly four in 10 (38%) said that security issues prompted by the COVID-19 pandemic influenced their adoption of zero trust.
Additional findings include:
- An average of 70% of employees and 40% of customers are required to use MFA to access corporate applications and data.
- 26% believe passwords as an authentication method are highly secure, yet 85% of organizations still use them for employee access and 78% continue to use passwords for access by customers.
- 40% of organizations plan to implement passwordless authentication workflows for employees.
- 9% of organizations have implemented passwordless authentication workflows for customers, while 23% are planning to do so.
On implementing zero trust.
Key drivers for deploying zero trust classified as “extremely impactful” or “highly impactful” include:
- High profile ransomware incidents (53%)
- Work-from-home workforce (51%)
- General ransomware attacks (51%)
- Credential theft (45%)
- Pandemic-accelerated digital transformation (38%)
On key zero trust deployment drivers.
- 78% of respondents view secret, sensitive, and other protected information held within the organization as the most important data source to include in zero trust initiatives.
- 73% of respondents who make decisions on IAM for employees consider zero trust solutions as a key design modification.
- Bio-key’s customers span financial services, healthcare, education, manufacturing, communication, transportation, and government.
- In the MFA study, respondents worked in organizations with a median level of 1,500 employees. By contrast, in the zero trust survey, respondents came from organizations with an average of 11,992 employees but also at a medium level of 1,500 median employees.