Businesses nationwide are increasing their cyber security budgets and exploring alternative authentication techniques to passwords, according to a SecureAuth survey.
Commissioned in conjunction with Wakefield, the responses surveyed more than 300 IT security professionals in the U.S., and found a whopping 59 percent of professionals surveyed said their company experienced a data breach in the last 12 months.
"It is very concerning that such a high percentage of the companies surveyed have been breached," Craig Lund, SecureAuth's CEO, told eWEEK. "I do this for a living, and I was shocked by the number. It's really quite extraordinary. The findings indicate companies are genuinely vulnerable and they add credence to the notion that breaches have become commonplace."
The survey revealed nearly all (95 percent) of respondents think their companies will increase their security spending in the next year. Of that number, nearly half (44 percent) expect to do so by 20 percent or more.
"The threat landscape is amazingly sophisticated. In a way, we should be looking at it as a big business, in that there is so much money at stake and so much money being funneled into the actual attack execution," Lund said. "With this in mind, one of our mantras here is that companies should assume they're going to be breached at some point—and prepare accordingly."
While 62 percent of respondents report that managing the consequences of data breaches cost their companies more than protecting against them, IT professionals face an ongoing battle, owing to market pressures that tend to get in the way of prioritizing proactive cyber security.
The survey found 87 percent of cyber-security professionals indicate that their company is frequently forced to choose between user experience and greater security.
"For someone with a limited budget, my advice is to deploy an adaptive multi-factor authentication system offering numerous authentication options," Lund said. "Putting in this type of flexible platform means you can apply more or less security to the resources you are trying to protect. Therefore, you save money putting high security only on the applications you need."
He noted, furthermore, that if one of the authentication methods becomes compromised, businesses don't have to rip out the whole system. Instead, they can redirect with an alternative method.
"The key here is to prevent misuse of valid credentials," he explained. "It’s like putting a good lock on your front door; while that flashy and expensive security system may seem eye-catching, you can't discount the simple effectiveness of the lock."