Use of multifactor authentication increasing, Cisco data shows

Organizations around the world — including in Canada — are increasingly adopting multifactor authentication (MFA) to improve their cybersecurity posture, a new report from Cisco Systems suggests.

The numbers, which come from an analysis of the use of Cisco’s Duo MFA platform, show authentications through Duo were up almost 15 per cent in the U.S. this year over 2021, almost 24 per cent in the U.K., and almost 25 per cent in Canada.

“We have moved well beyond the discussions of password complexity to those where investing in multi-factor authentication (MFA) and passwordless technology are mandatory costs of doing business,” Cisco concluded in a report analyzing the data.

In an interview, Dave Lewis, global advisory chief information security officer (CISO) at Cisco Canada, noted there was a 50 per cent increase in the percentage of accounts allowing passwordless WebAuthn authentication among Duo users, part of a fivefold increase in WebAuthn usage since April 2019.

“This is a very good thing to see because it [WebAuthn] is a root piece of passwordless technology.”

On the other hand, he was disappointed that the use of biometrics on smartphones for logins among Duo users “have sort of plateaued at 81 per cent. He suspects that’s because in the first years of the pandemic — 2020 and 2021 — IT leaders rushed to get employees working online from home without always taking security procedures into account.

Evidence of that is remote access authentications on Duo peaked in 2020 but have declined since then, reaching lower than pre-pandemic levels.

Im very optimistic that next year when we run through the data we’ll see the number has climbed,” Lewis said.

The analyzed data from more than 13 billion authentications on Duo, from over 49 million devices worldwide, between June 1, 2021 and May 31, 2022.

Among other findings

-less than 1 per cent of organizations using Duo implement explicit deny or allow location policies. However, among those enterprises that do deny geographic locations, they block either Russia or China 91 per cent of the time. Sixty-three per cent block both countries;

–the percentage of login authentication failures due to devices with out-of-date applications increased by almost 52 per cent between 2021 and 2022, despite the fact that the percentage of Duo users with policies governing out-of-date devices decreased 7.1 per cent.

–users in the education sector again had the highest number of out-of-date browsers on their devices (56.7 per cent), followed by healthcare (52.3 per cent), retail/catering/leisure (46.3 per cent), legal (45.4 per cent), and travel/transport (44 per cent).

“Lingering security debt that remains in organizations will continue to provide adversaries with targets of opportunity,” the report notes. “Companies need to hone their craft and better focus on access control and dealing with deprecated systems that may continue to operate in their environments long past their life expectancy. Patching has been much maligned by security practitioners over the years — not because it shouldn’t be done, but rather because no one ever wants to do it. As a result, issues crop up, with long‑published vulnerabilities being made into exploits that realistically should not hold any sway in modern enterprises. Yet, they wait on the wire.

“Making use of multi-factor authentication and/or passwordless authentication models are essential for the modern business enterprise.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now