Security pros unsure on facial recognition with fingerprints on top, survey finds
Apple’s shiny new iPhone X will include ‘Face ID’ biometrics – but security practitioners appear to have their doubts over the technology’s perceived benefits.
Cloud security software provider Bitglass polled 129 attendees at the Black Hat conference in Las Vegas in July and found that for one in five (19.4%) respondents, facial recognition was considered the least effective security tool, only ahead of password-protected documents (33.3%).
Fingerprints – cited by 3.1% - was therefore seen as the most effective security tool, ahead of mobile device management (MDM) with 11.6%, network firewalls (11.6%) and access controls (15.5%).
When it came to the other side of the equation – which method of hacking and extracting information was the most effective – phishing was by far the most popular choice, cited by 58.9% of respondents. Malware, ransomware and spyware were all categorised into one option and polled just over a quarter (26.4%) of the vote, with physical device theft (6.2%) and Wi-Fi spoofing (4.7%) trailing.
Perhaps inevitably, unmanaged devices got the majority of the blame when it came to the biggest blind spot for enterprise data, cited by 61.2% of respondents. Those polled also cited systems which were not up to date (55%) as being an issue, mobile devices (36.4%), data at rest in the cloud (26.4%), and traditional on-premises security (20.9%).
“Corporate security efforts are struggling to keep up with the proliferation of BYOD,” said Rich Campagna, CEO of Bitglass. “Enterprises must ensure that employees can securely access data from any device, including unmanaged mobile devices. Controlling data, its location, and access to that data are critical capabilities to prevent data leakage and hacking.
“The fact that phishing was ranked as the number one method of data exfiltration is particularly worrying given the challenges around securing BYOD,” Campagna added. “With little visibility into unmanaged devices, companies can struggle to identify and respond to phishing and malware.”
- » CIO job responsibilities in 2018: Driving business transformation and innovation
- » The real state of DevSecOps: Checking on automation, speed, and accuracy
- » Five secrets of successful CISOs: Communication, regulation, and more
- » Organisations struggling with seamless customer experiences, MuleSoft argues
- » Dealing with insider threats and keeping your enterprise secure: A guide