Largely due to the expense and exposure of data that security breaches cause, cybersecurity has become a pressing issue among leaders bringing new kinds of technology into their workflows. Stemming from efforts to reduce redundancy, increase productivity, and retain employees, organizational strides in technology are giving employees access to unprecedented amounts of data at any time.
To access this data, many companies issue employees multiple logins with passwords. Two-factor authentication tools are also increasingly being used to protect the integrity of individual accounts. However, advancements in biometric technology may make obsolete the username-and-password login system users have become accustomed to.
Employees show acceptance of changes to data security to avoid the time-consuming process of recovering forgotten usernames and passwords. In a recent survey of about 2,000 workers by 1Password, over half (58%) said they would be open to trying other ways to log in, including giving up their precious (to some) passwords.
Acceptance of Biometrics and Passkeys
For those employees who don’t keep a list of their passwords on their devices or in a password app, playing the "forgot my password" game can be incredibly time-consuming. Seven in 10 (70%) workers told surveyors this was a regular annoyance for them. Without logins, techniques like biometrics and passkeys — passwords attached to a browser or website application that require no user input — may become more prevalent.
Exposure to this kind of technology also increases the likelihood of employees embracing further advancements in data security. About 87% of those surveyed who use biometric technology in the workplace are already open to using other tools like passkeys. Among those employees who do not use biometric technology, only 57% say they’re willing to try out passkeys.
Some of the pushback may be a knowledge gap among workers. When shown a description and example of a passkey, 75% of those surveyed said they’d be open to using it, according to 1Password.
Phishing scams have become an easy way for hackers to access data. Employees who fall victim to these breaches not only willingly give information away but can be tricked into giving specific information that would be extremely difficult to access via other intrusion methods.
Between the 67% of those who fell victim to phishing scams and the 33% who knew someone who did, all of those surveyed had either directly or indirectly been in contact with some phishing scam. According to Anthony Cusimano, director of technical marketing at Object First, CFOs must know these scams are a legitimate threat.
“Very few think a ransomware attack will hit their organization until it does,” said Cusimano. “Many cyberattacks that receive major news coverage are against large, international companies using advanced threat methods by nation-state threat actors or notorious underground cybercrime rings.”
According to him, these old-fashioned ways of accessing information still work, and all the technology on the market combined cannot overcome executive ignorance of the possibility of such attacks happening to their company.
“And while these high-profile crimes certainly do occur and can cause widespread damage, ransomware is targeting small and medium-sized businesses (SMBs) as well using the methods mentioned above, which may seem old-fashioned to some,” said Cusimano. “But criminals continue to use these methods because they continue to work.”
Among the parties that hackers claimed to be during phishing scams, banks (43%) and friends (41%) were the most impersonated. Spouses rounded out the top three choices for scammers when phishing for information, as the closer the hacker gets to seeming legitimate to an individual, the more likely they are to get the information they’re after.
How CFOs Can Get Started
With all that is on their plates right now, executives may feel they are significantly behind in incorporating modern cybersecurity protocols and employee data protection into their systems. According to Cusimano, all hope is not lost, but it may take a significant investment to catch up.
“The first step for any CFO wanting to modernize cybersecurity efforts is to closely examine the processes and technology used to see where there is room or budget for updates,” he said. In particular, “many financial institutions use legacy technology to operate on processes developed before the internet was mainstream. It is challenging for the financial industry to update its systems because banking is a 24/7 business, every transaction must be tracked and accounted for, and there can be no disruption.”
“If updating technology is not an option, consider developing a global security office (GSO). A GSO may seem like a significant upfront investment, but in the end, it almost always pays off,” Cusimano continued. “The amount spent on security will be much less than a ransomware payout, which can total millions to billions of dollars and cripple a business.”