42% of IT and Security Managers Say Their Organizations Have Been Breached as a Result of User Password Compromise
EMA’s research highlights the importance of context-aware security and zero password authentication to ensure only compliant devices, users, apps and networks can access business services
MOUNTAIN VIEW, Calif., March 5, 2020 - MobileIron (NASDAQ:MOBL), the company that introduced the industry’s first mobile-centric, zero trust platform for the enterprise, today announced the results of a research report that found passwords remain the dominant method of authentication and top cause of data breaches. The report also highlighted the importance of a zero trust security strategy that provides context-aware, conditional access to a device or user.
MobileIron sponsored the EMA report, “Contextual Awareness: Advancing Identity and Access Management to the Next Level of Security effectiveness,” to identify the requirements, challenges, value, and optimal approaches for implementing context-aware identity and access management (IAM) platforms. EMA surveyed 200 IT and security managers and looked at a range of IAM technologies.
“The digital workplace is driving transformation within organizations of all sizes as employees are increasingly accessing business apps and data from locations outside of their offices and homes,” said Steve Brasen, research director of endpoint and identity management at EMA. “At the same time, mobile threats are increasing. More than 60 percent of respondents indicated their organization had experienced a security breach in just the last year. Organizations need to implement context-aware security and passwordless authentication to dynamically adapt to modern threats while removing the friction that is inhibiting end user productivity.”
The report reinforced that it’s time to make passwords a thing of the past. Below are a few key findings:
- The username/password continues to be the dominant method of authentication used to access business devices, apps and data.
- The password is still the top attack vector for organizations of all sizes, with 42% of respondents indicating their organization had been breached as a result of a user password compromise.
- Poor password hygiene is also a top cause of data breaches, with 31% of respondents indicating their organization had been breached as a result of user credentials being shared with an unauthorized peer.
- Phishing attacks, which are designed to harvest employee credentials, are prevalent. Twenty-eight percent of respondents indicated their organization had been breached as a result of a successful phishing attack.
- IT and security managers are most confident in the ability of hardware tokens/security keys, thumbprints, and mobile devices to prevent access-based security breaches, compared to other authentication methods like passwords and PINs.
“We all know that passwords are antiquated and open us up to even more cyber threats,” said Rhonda White, Chief Marketing Officer at MobileIron. “Organizations urgently need to replace passwords with a secure and frictionless alternative. Making mobile devices the primary form of authentication to enterprise cloud services provides the best user experience for employees and significantly reduces the risk of data breaches for security leaders.”
MobileIron’s zero trust security platform allows for continuous enforcement and protection of data, both on the device and on the network, with comprehensive context-aware correlation between the user, device, apps, networks, and threats. MobileIron’s platform also includes a revolutionary zero sign-on experience that eliminates passwords as the method for user authentication.
To download a complimentary copy of the EMA survey results, please visit here.
MobileIron is redefining enterprise security with the industry’s first mobile-centric, zero trust platform built on the foundation of unified endpoint management (UEM) to secure access and protect data across the perimeter-less enterprise. Zero trust assumes that bad actors are already in the network and secure access is determined by a “never trust, always verify” approach. MobileIron goes beyond identity management and gateway approaches by utilizing a more comprehensive set of attributes before granting access. A mobile-centric, zero trust approach validates the device, establishes user context, checks app authorization, verifies the network, and detects and remediates threats before granting secure access to a device or user.
The MobileIron security platform is built on the foundation of award-winning and industry-leading unified endpoint management (UEM) capabilities with additional zero trust-enabling technologies, including zero sign-on (ZSO), multi-factor authentication (MFA), and mobile threat defense (MTD). Over 19,000 customers, including the world’s largest financial institutions, intelligence agencies and other highly regulated companies, have chosen MobileIron to enable a seamless and secure user experience by ensuring only authorized users, devices, apps, and services can access business resources.