Quarter of Firms Allow Password-Only BYOD Security

Quarter of Firms Allow Password-Only BYOD Security

Over a quarter (28%) of organizations rely solely on user-generated passwords to secure BYOD, potentially exposing countless endpoints to credential guessing, cracking and theft, according to Bitglass.

The cloud access security broker polled over 200 IT and security professionals at the recent Gartner Symposium/ITxpo conference in Orlando.

It correctly pointed out that password-based authentication systems have been responsible for several major data breaches of late, including Deloitte and Zomato.

For those that do enforce usage of multi-factor authentication (MFA) on employee handsets used at work, third-party applications (42%) and SMS tokens (34%) are the most popular flavors.

However, there’s still some resistance to using biometrics: 61% said they have reservations about Apple’s new Face ID system.

That contradicts a recent study by MFA vendor Secret Double Octopus, which found that 81% of employees in medium and large companies perceive Face ID as trustworthy, and 91% think it will be easy to use.

That said, there have been reports that Apple has allowed suppliers to reduce the accuracy of Face ID to speed up iPhone X production.

Top concerns among Bitglass respondents include the accuracy of face detection (40%), prevention of unauthorized access (30%) and speed of face detection (24%).

When it came to BYOD, the top 2018 security priorities for the IT and security leaders polled were external sharing (44.5%), malware protection (40%) and unmanaged device access (39.5%).

“Enterprises often misjudge the effectiveness of traditional security solutions, many of which are readily bypassed,” said Rich Campagna, CEO of Bitglass. “The BYOD boom exposes organizations to risks that can only be mitigated with data-centric solutions that secure access.”

A poll of over 400 IT professionals earlier this year by Dtex found that BYOD was blamed for a rise in potential insider threats.

Nearly half (48%) said detecting and mitigating insider threats is one of the top two challenges facing IT security teams today, with 51% claiming the threat grew last year.

Source: Information Security Magazine