Use of multifactor authentication increasing, Cisco data shows

Share post:

Organizations around the world — including in Canada — are increasingly adopting multifactor authentication (MFA) to improve their cybersecurity posture, a new report from Cisco Systems suggests.

The numbers, which come from an analysis of the use of Cisco’s Duo MFA platform, show authentications through Duo were up almost 15 per cent in the U.S. this year over 2021, almost 24 per cent in the U.K., and almost 25 per cent in Canada.

“We have moved well beyond the discussions of password complexity to those where investing in multi-factor authentication (MFA) and passwordless technology are mandatory costs of doing business,” Cisco concluded in a report analyzing the data.

In an interview, Dave Lewis, global advisory chief information security officer (CISO) at Cisco Canada, noted there was a 50 per cent increase in the percentage of accounts allowing passwordless WebAuthn authentication among Duo users, part of a fivefold increase in WebAuthn usage since April 2019.

“This is a very good thing to see because it [WebAuthn] is a root piece of passwordless technology.”

On the other hand, he was disappointed that the use of biometrics on smartphones for logins among Duo users “have sort of plateaued at 81 per cent. He suspects that’s because in the first years of the pandemic — 2020 and 2021 — IT leaders rushed to get employees working online from home without always taking security procedures into account.

Evidence of that is remote access authentications on Duo peaked in 2020 but have declined since then, reaching lower than pre-pandemic levels.

Im very optimistic that next year when we run through the data we’ll see the number has climbed,” Lewis said.

The analyzed data from more than 13 billion authentications on Duo, from over 49 million devices worldwide, between June 1, 2021 and May 31, 2022.

Among other findings

-less than 1 per cent of organizations using Duo implement explicit deny or allow location policies. However, among those enterprises that do deny geographic locations, they block either Russia or China 91 per cent of the time. Sixty-three per cent block both countries;

–the percentage of login authentication failures due to devices with out-of-date applications increased by almost 52 per cent between 2021 and 2022, despite the fact that the percentage of Duo users with policies governing out-of-date devices decreased 7.1 per cent.

–users in the education sector again had the highest number of out-of-date browsers on their devices (56.7 per cent), followed by healthcare (52.3 per cent), retail/catering/leisure (46.3 per cent), legal (45.4 per cent), and travel/transport (44 per cent).

“Lingering security debt that remains in organizations will continue to provide adversaries with targets of opportunity,” the report notes. “Companies need to hone their craft and better focus on access control and dealing with deprecated systems that may continue to operate in their environments long past their life expectancy. Patching has been much maligned by security practitioners over the years — not because it shouldn’t be done, but rather because no one ever wants to do it. As a result, issues crop up, with long‑published vulnerabilities being made into exploits that realistically should not hold any sway in modern enterprises. Yet, they wait on the wire.

“Making use of multi-factor authentication and/or passwordless authentication models are essential for the modern business enterprise.”

The post Use of multifactor authentication increasing, Cisco data shows first appeared on IT World Canada.

Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

Russian State-Backed Cyber Attack Exploits Zero-Day Vulnerabilities in Windows and Firefox

Headline: A sophisticated cyberattack leveraging two chained zero-day vulnerabilities in Mozilla Firefox and Microsoft Windows has been confirmed by...

Starbucks Forced to Pay Baristas Manually After Ransomware Attack

A ransomware attack on Blue Yonder, a third-party scheduling software provider, has disrupted Starbucks’ ability to manage employee...

Google Launches Free Cybersecurity Certificate for Entry-Level Jobs

Google has introduced a new Cybersecurity Professional Certificate, aimed at preparing students for entry-level roles in just six...

Critical Vulnerability Leaves Millions Of Sites Vulnerable To Takeover

A severe authentication bypass vulnerability has been discovered in the WordPress plugin "Really Simple Security" (formerly *Really Simple...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways