Financial companies get MFA, right? Right?
If there is an industry most people would think is on top of things related to identity authentication, it probably would be finance. Apparently, that is not the case.
An authentication services vendor has published a multinational report that alleges financial firms are failing to deal with compromised credentials, an area that vendor HYPR says is the “biggest threat in cybersecurity.”
Eighty percent of financial firms said they had suffered one or more breaches caused by weak authentication in the year preceding the survey.
That is a big number, but according to the survey only one-third of the victimized service firms altered anything about their authentication policies and systems.
Decision makers in large finance IT departments in the United States, United Kingdom and Germany were queried.
The kicker is that 90 percent of those decision makers felt their authentication approaches are mostly or entirely secure.
The other other kicker: 99 percent of respondents told survey-takers that their authentication strategy is inadequate.
The report states that among the conditions making the sector ripe for picking is that too many are operating legacy technologies and systems that are not up to the task.
They’re also operating with faulty information, according to the report, not realizing that using passwords as part of multi-factor authentication strategies does not make passwords more secure. The passwords make multi-factor authentication less secure.