"Legacy Authentication Methods Responsible for 80% Of Data Breaches on Financial Institutions, but Most Refuse To Upgrade"
According to a report released by HYPR, even after experiencing data breaches, the majority of financial institutions did not change their authentication procedures. 500 data management and IT security experts from financial-related industries, including banking, investments, FinTech, insurance, and wealth management, were surveyed for the study. Eighty percent of financial organizations experienced at least one data breach in the previous 12 months. In addition, 72 percent of institutions had several breaches, with each one recording an average of 3.4 intrusions with a total estimated value of up to $2.19 million, excluding intangible and hidden costs. However, despite facing breaches, almost two-thirds (63 percent) of companies did not improve their authentication mechanisms. Furthermore, 92 percent of the institutions thought their authentication procedures were adequate. The researchers proposed that an inaccurate perception of security caused the numerous data breaches at financial institutions. Financial institutions are increasingly facing evolving threats, with 94 percent having experienced some type of attack in the previous 12 months. Phishing remained the most common threat, accounting for 36 percent of all attacks. Malware and credential stuffing (31 percent each), push notification (29 percent), and Man-in-the-Middle (MitM) attacks (27 percent) were among the top five threats confronting financial institutions, but the evolution of authentication methods used by such institutions has not kept pace with the evolving threats. The report revealed that most financial employees still rely on outdated and insufficient authentication methods. According to the study, 43 percent of employees continue to use traditional multi-factor authentication (MFA) methods like SMS and OTPs, 38 percent rely on social identity credentials, and 22 percent rely solely on usernames and passwords. This article continues to discuss key findings from HYPR's survey of data management and IT security professionals.