At the beginning of 2021, over 500 million Facebook users’ data was stolen. This summer, the online professional network LinkedIn ended up in the headlines when hackers put the data of more than 700 million of its users up for sale. Just recently, Amazon’s game-streaming service Twitch became the next high-profile victim as its app source code, and overviews of its payments to streamers were published as a torrent. These are only three out of the many cases that have been reported. Major corporations are increasingly falling victim to large-scale data theft. This is alarming in itself. But it doesn’t end there: in a survey conducted for the Nevis Security Barometer 2021, roughly one-third of respondents said that it was only through media coverage that they’d learned about a cyberattack on an organisation whose services they use. How can it come to this? The Nevis Security Barometer offers insights into this question as well. The study sheds light on questions such as IT decision-makers’ attitudes towards two-factor authentication (2FA) and how this method can help combat cybercrime.
In April 2021, Nevis surveyed 500 German IT decision-makers and 1,000 German consumers aged 14 and over for its representative study in cooperation with the opinion research companies Civey and mo’web research. The Security Barometer 2021 focuses on topics such as login behaviour, the handling of password security, and customers’ and companies’ attitudes to passwordless authentication.
The fact that a third of respondents first learned about a company’s loss of their customer data to cyber criminals through the news is enough to cause alarm in and of itself. A further study finding puts companies’ information policies on this sensitive point into an even worse light: over 36% of participants have no information regarding whether a company they are customers with has become the victim of a data attack.
2FA for better security
It is understandable that companies don't shout about cyberattacks from the rooftops. But the question does arise: why are internet criminals still so successful, and how can companies improve security as regards their customer data? An important factor to note is that it is not only the number of cyberattacks that are rising worldwide but also that attackers are constantly employing new and more sophisticated methods. IT decision-makers in companies thus face an enormous challenge when it comes to guaranteeing the security of the data they have been entrusted with.
One very secure way of protecting customer data against unauthorised access during login is two-factor authentication or 2FA for short. In this process, the familiar elements – user name and password – are supplemented by at least one additional factor. The password is the first factor. But entering the correct password alone is insufficient to grant the customer access to the secure area. There is a second factor that acts as an additional security barrier. This second factor can be something like a smartphone authenticator app. As the constant companion of most users today, smartphones are an excellent choice here.
What’s more, modern smartphones feature sensors that enable biometric authentication – meaning that secure and definitive identification is provided by analysing the user’s fingerprint (Touch ID) or face (face ID) or the pattern of their iris. Biometric data of this kind is considered highly forgery-proof. And even if passwords or user names should fall into the wrong hands, companies and consumers that use 2FA are at a clear advantage because without the second factor, criminals won’t make it any further through the login procedure.
The perceived value of 2FA in companies
Nevertheless, the Nevis Security Barometer study findings suggest that the advantages of 2FA are not sufficiently known. When asked about the value of this method of authentication, only 42% of IT decision-makers noted the minimisation of risk to their companies, and even fewer (only 38%) cited improved security for customers. A quarter of respondents could not specifically answer why 2FA is used. Moreover, fewer than a quarter indicated that their organisations offer 2FA for all customer accounts.
All this adds up to the finding of the Nevis Security Barometer that IT experts apparently lack knowledge and awareness of the advantages of 2FA for security. A positive customer experience, however, also hinges on whether the customer has the impression that their data is safe in a company’s hands. Since login is a key component of the first impression – for which, as we all know, there is no second chance – companies should not fail to acknowledge the security benefit 2FA offers.
Incidentally, further findings of the representative study on IT and login security are available in the Nevis Security Barometer.