New survey reveals that 61 percent of SMBs believe MFA is only accessible for enterprises
“We know that a massive portion of data breaches involve lost credentials and since cyber criminals target organisations of any size, MFA is now a prerequisite for all businesses,” said Alex Cagnoni, director of Authentication at WatchGuard. “In the absence of MFA, cyber criminals can utilise a variety of techniques to acquire usernames and passwords, such as spear phishing, social engineering and buying stolen credentials on the dark web, to gain network access and then steal valuable company and customer data. With AuthPoint, we’re breaking down longstanding barriers between SMBs and MFA adoption with a solution that is affordable, easy to deploy and vastly scalable – all of which is made possible by WatchGuard’s cloud-based approach to authentication.”
WatchGuard’s AuthPoint solution is a cloud service that can be deployed and managed from any location without the need for expensive hardware components. The service relies on WatchGuard’s AuthPoint app to facilitate user authentication. As the most effective and accessible MFA solution for SMBs, AuthPoint’s key features include:
- AuthPoint App – Once downloaded and activated on a smartphone, WatchGuard’s AuthPoint app enables users to view and manage any login attempts – by way of push notifications, one-time passwords or QR code entries for those in offline scenarios. Additionally, the app is equipped to store third-party authenticators such as Google Authenticator, Facebook access, Dropbox, and more.
- Mobile Device DNA – WatchGuard uses an innovative approach to user authentication called Mobile Device Authentication DNA that distinguishes cloned login attempts from legitimate ones. The AuthPoint app creates personalised ‘DNA’ signatures for users’ devices and adds them to the authentication calculation. The result is that authentication messages not originating from a legitimate user’s phone will be rejected.
- Cloud-based Management – As a cloud-based solution, the AuthPoint service comes with a convenient, intuitive interface for businesses to view reports and alerts and configure and manage deployments. Enabled from the cloud, AuthPoint requires no on-premises equipment, which cuts down on costly deployment and management activities.
- Third-Party Integrations – WatchGuard’s ecosystem includes dozens of third-party integrations with AuthPoint. This allows companies to mandate that users undergo the authentication process before accessing sensitive cloud applications, VPNs and networks. Moreover, AuthPoint supports the SAML standard, allowing users to log on once to access a full range of applications and services.
“Cloud-based multifactor authentication services provide an alternative to on-premises products for MSEs to implement strong authentication. MFA provides mitigation against account takeover and can significantly reduce the risk of phishing attacks. These services potentially provide total cost of ownership (TCO) benefits over legacy on-premises software or hardware deployments. Further, TCO benefits can accrue from choice of modern authentication methods (such as phone-as-a-token methods) that also provide good security combined with improved user experience.” Gartner: Midsize Enterprise Playlist: Security Actions That Scale, by Neil Wynne, James A. Browning, Published: 10 May 2018 ID: G00355786.
“With the launch of AuthPoint, WatchGuard has extended its product portfolio with a vital security offering that is often overlooked by SMBs and has done so in a way that is easy for the channel to sell, deploy and manage,” said Rebecca Fernyhough, account manager at UK channel partner Epic Network Support. “AuthPoint’s cloud-based architecture means we can easily onboard new customers, allocate licenses, segment permissions and report on their activity from a single, easy-to-use interface. WatchGuard has built AuthPoint keeping both the success of its channel partners and the security of our customers in mind.”
KEY SURVEY FINDINGS:
Password security is still a major issue among companies with less than 1,000 employees:
- Although most IT managers surveyed claim they provide some password training or policies to employees, 47 percent believe that employees still use weak passwords, 31 percent believe employees use network passwords for personal applications and 30 percent believe that employees share passwords.
- 84 percent of surveyed IT managers would prefer technology solutions in place to enforce password best practices, rather than relying on password policies and training.
- Nearly half of surveyed IT managers (47 percent) suspect that their employees use simple or weak passwords, while only 18 percent believe employees don’t engage in any risky information security behaviours.
These companies need an intuitive, cost-effective MFA solution:
- Just over 61 percent of IT managers at companies with less than 1,000 employees believe MFA services are designed for companies larger than theirs.
- Of companies that don’t currently use an MFA solution, their top reasons for not purchasing one are that MFA would be difficult to implement, maintain and support, and that it would be too expensive. Inter-organisational resistance to an MFA deployment was also a common concern.
- 47 percent of companies currently using an MFA solution have implemented a version of SMS authentication methods, which are insecure and can be spoofed by a determined attacker. Also, 38 percent of companies using an MFA solution have hardware tokens, which are hard to manage, and can be lost or stolen.
This survey was conducted by CITE Research on behalf of WatchGuard. It covers small business owners and IT managers or higher at companies with less than 1,000 employees in the United States, the UK and Australia. For the complete survey findings, download the full report here https://www.watchguard.com/wgrd-resource-center/authpoint-survey. To learn more about WatchGuard’s new AuthPoint service, visit www.watchguard.com/authpoint.
- Report: Poor Password Handling and the Rise of Multi-Factor Authentication
- InfoGraphic: Passwords have failed, so what’s next?
- White paper: Protecting Your Network Assets with MFA
- AuthPoint Datasheet
- Solution Brochure
About WatchGuard Technologies, Inc.
WatchGuard® Technologies, Inc. is a global leader in network security, secure Wi-Fi, multi-factor authentication, and network intelligence. The company’s award-winning products and services are trusted around the world by nearly 10,000 security resellers and service providers to protect more than 80,000 customers. The company’s mission is to make enterprise-grade security accessible to companies of all types and sizes through simplicity, making WatchGuard an ideal solution for distributed enterprises and SMBs. WatchGuard is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.
For additional information, promotions and updates, follow WatchGuard on Twitter, @WatchGuard on Facebook, or on the LinkedIn Company page. Also, visit our InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them at www.secplicity.org. Subscribe to The 443 – Security Simplified podcast at Secplicity.org, or wherever you find your favorite podcasts.
Chris Warfield, WatchGuard Technologies
+ 206.876.8380, email@example.com