Security pros unsure on facial recognition with fingerprints on top, survey finds

Apple’s shiny new iPhone X will include ‘Face ID’ biometrics – but security practitioners appear to have their doubts over the technology’s perceived benefits.

Cloud security software provider Bitglass polled 129 attendees at the Black Hat conference in Las Vegas in July and found that for one in five (19.4%) respondents, facial recognition was considered the least effective security tool, only ahead of password-protected documents (33.3%).

Fingerprints – cited by 3.1% - was therefore seen as the most effective security tool, ahead of mobile device management (MDM) with 11.6%, network firewalls (11.6%) and access controls (15.5%).

When it came to the other side of the equation – which method of hacking and extracting information was the most effective – phishing was by far the most popular choice, cited by 58.9% of respondents. Malware, ransomware and spyware were all categorised into one option and polled just over a quarter (26.4%) of the vote, with physical device theft (6.2%) and Wi-Fi spoofing (4.7%) trailing.

Perhaps inevitably, unmanaged devices got the majority of the blame when it came to the biggest blind spot for enterprise data, cited by 61.2% of respondents. Those polled also cited systems which were not up to date (55%) as being an issue, mobile devices (36.4%), data at rest in the cloud (26.4%), and traditional on-premises security (20.9%).

“Corporate security efforts are struggling to keep up with the proliferation of BYOD,” said Rich Campagna, CEO of Bitglass. “Enterprises must ensure that employees can securely access data from any device, including unmanaged mobile devices. Controlling data, its location, and access to that data are critical capabilities to prevent data leakage and hacking.

“The fact that phishing was ranked as the number one method of data exfiltration is particularly worrying given the challenges around securing BYOD,” Campagna added. “With little visibility into unmanaged devices, companies can struggle to identify and respond to phishing and malware.”

Related Stories

Leave a comment

Alternatively

This will only be used to quickly provide signup information and will not allow us to post to your account or appear on your timeline.