Current Corporate Authentication Systems Are Not Secure
(14/02/2008)

According to Positive Networks' new survey “IT Security & Authentication: Key Concerns in 2008”, IT professionals are concerned that they do not have the appropriate security practices in place. 20% admitted to a breach that included some loss of sensitive data or allowed access to restricted resources. 70% suggested that their current practices for authentication were not secure.

The “IT Security & Authentication: Key Concerns in 2008” survey reveals that while IT professionals face a growing list of priorities, security ranks as a top concern. The worry about security blurred the lines between protecting company assets and personal assets with results demonstrating even greater worry related to identity theft and privacy concerns. 93% of respondents indicated serious concerns about company security relating to data protection and network security. Only 3% indicated that IT security was not a priority for 2008.

In particular, IT professionals noted that authenticating and restricting access to appropriate users is a priority with 84% rating it as a serious or high level concern. Furthermore, for nearly half of respondents (48%), their current focus on IT security is higher than in previous years.

Nearly 1 in 5 respondents indicated that their company’s network or data had been compromised, with an overwhelming 70% of respondents not believing that usernames and passwords provide an adequate level of security. IT professionals recognize the need for improved authentication standards, but have struggled with the complexity and cost of previous two-factor authentication offerings.

The “IT Security & Authentication: Key Concerns in 2008” Survey Results include:
* Current Corporate Authentication Systems Are Not Secure - Over half (58%) of respondents rate their company’s current authentication systems as only somewhat secure or worse. Only 10% rate their current authentication systems as very secure.
* Two-Factor Authentication Recognized as a Need - If most respondents rate their current authentication systems poorly, then why haven’t more companies implemented two-factor authentication already? The top responses include: Cost (33%), Time to deploy and manage (29%), User inconvenience (23%).
* Could A Phone Be Used As The Authentication Device? – Respondents support the idea that a phone (mobile or landline) could be used as the second factor in two-factor authentication to increase user adoption rates. They suggested that mobile phone use among professionals was nearly ubiquitous, and 72% mentioned that their company provides mobile phones for some portion of their employees to use.
* Personal Security Preferences Analyzed – Security Concerns High - The survey also asked IT professionals about their perspectives on securing access to their own personal and financial information. Most (84%) ranked their level of concern as being moderate to very high with nearly two-thirds indicating a very high level of concern. A slight majority (53%) indicated a higher level of concern than in previous years.
* IT Professionals More Concerned About Personal Data Protection – Interestingly, 78% of respondents indicated that they did not believe usernames and passwords provided adequate security for accessing their own personal and financial information online. Responses to questions in this area indicated a greater level of concern about security as it relates to personal data than company data.
* Identity Theft High Even Among IT Professionals - One in five respondents (virtually all of whom are IT professionals) have experienced identity theft personally. Most take some precautions – 96% use strong passwords, 38% change their passwords at least once a month, and 57% do not use the same password for multiple logins.

“PhoneFactor has made secure two-factor authentication inexpensive and simple for both administrators and end-users,” said Evan Conway, EVP & Chief Privacy Advocate with Positive Networks. “It is no longer acceptable for companies to rely on usernames and password to protect sensitive data.”