Intercede, Cifas research studies reveal weak user authentication, rise in identity fraud
Intercede recently published research, conducted by Vanson Bourne, that examines how UK systems administrators (people who manage the operation of computer systems) or those who have such access rights are protecting and securing sensitive data within their organizations.
The study found that 86 percent of those with systems administrator (sysadmin) level access rights currently use only basic username and password authentication to log in to their companies’ IT systems on-site.
In addition, 50 percent of respondents admitted that business user accounts in their organizations are ‘not very secure’.
The research shows that user authentication is currently the weakest link in the security chain, with 81 percent of hacking-related breaches attributed to stolen or weak passwords.
The study found that 86 percent of respondents rely on username and password authentication when accessing their main business account on-site, 69 percent use complex passwords, and 17 percent use simple passwords.
Other authentication methods used on-site included virtual smart cards and PINs (6 percent) and biometrics such as a fingerprint or facial ID (2 percent).
When accessing business accounts off-site, 54 percent said they rely on username and password authentication, while 48 percent said they use complex passwords and 6 percent use simple passwords. Fifty-eight percent of these respondents said they work for companies serving consumers.
The research also found that the use of basic username and password authentication on-site is common across markets, ranging from 82 percent in manufacturing to 92 percent in retail, distribution and transport.
Thirty-eight percent of individuals with sysadmin access in the retail, distribution and transport sector said they use username and simple password authentication.
“Sysadmins effectively hold the ‘keys to the kingdom’, and relying on username and password authentication is a bit like relying on a basic Yale lock to secure your front door,” said Richard Parris, CEO and chairman of Intercede. “Even the least security conscious of us also bolt the door with a five lever mortice lock and many go much further. In today’s age of the hack, when compromised passwords are the root of the vast majority of security breaches, UK businesses clearly need to do much more – it isn’t simply their data that is compromised, it’s ours.”
In related news, Cifas released a research study revealing that identity fraud rose to record levels in the first six months of 2017.
The study reported a record 89,000 identity frauds, up 5 percent from last year. Identity fraud represents over half of all fraud recorded by Cifas, and 83 percent of identity frauds were perpetrated online.
The study reveals there has been a significant spike in identity fraudsters applying for loans, online retail, telecoms and insurance products.
Despite the decline in the number of identity fraud attempts against bank accounts and plastic cards, they still account for more than half of all identity fraud cases.
Most identity fraud occurs when a fraudster masquerades as an unsuspecting person in order to purchase a product or take out a loan in that person’s name.
The study found that victims of identity fraud don’t even realize that they have been targeted until they receive a bill for something they did not buy or they are alerted to issues with their credit rating.
To successfully conduct this kind of fraud, the would-be criminals require access to their victim’s personal information such as name, date of birth, address, their bank and who they hold accounts with.
Fraudsters can obtain this information in ways ranging from stealing mail to hacking, obtaining data on the ‘dark web’, exploiting personal information on social media, or ‘social engineering’, in which innocent parties are persuaded to submit personal information to a person claiming to be from their bank, the police or a trusted retailer.
“Criminals are relentlessly targeting consumers and businesses and we must all be alert to the threat and do more to protect personal information,” Simon Dukes, CEO of Cifas, said. “For smaller and medium-sized businesses in particular, they must focus on educating staff on good cyber security behaviours and raise awareness of the social engineering techniques employed by fraudsters. Relying solely on new fraud prevention technology is not enough.”