"Financial Firms Failing to Fix Authentication Breaches"

According to a new survey conducted by Vanson Bourne, financial firms are failing to strengthen their authentication technologies, even after a breach. As many as four in five financial services organizations had experienced a breach where authentication weaknesses were a factor. However, 63% failed to update their authentication systems after the attack. The researchers also found that 85% of financial services firms had experienced a breach, and 72% had been attacked more than once. Almost all victims (90%) felt their existing authentication methods were good enough. The survey of 500 IT security and data management professionals across banking, insurance, wealth management, investment, and fintech found that phishing was the most common type of attack, cited by 36% of those surveyed. Malware and credential stuffing accounted for 31% of attacks, and push notifications for a further 29%. The researchers stated that the annual direct cost of authentication-related breaches averages $2.19m, excluding hidden and intangible costs. In addition, a third of firms said they had lost customers to competitors as a result. Nearly a third (29%) admitted they had lost employee data, and 26% had suffered a customer data breach. The researchers stated that the findings come at a time when financial services is the industry sector most targeted by cybercriminals. Even so, researchers found that a significant minority of organizations use older authentication methods such as SMS and one-time passcodes (OTPs). Worryingly, a further 22% still rely on usernames and passwords.

 

Infosecurity reports: "Financial Firms Failing to Fix Authentication Breaches"

Submitted by Anonymous on