Four in five large GCC enterprises still rely solely on usernames and passwords for authentication to corporate networks, according to Microsoft’s Digital Transformation survey.
According to the report, the most striking finding was that, at a time when security professionals are recommending next-generation identity-management techniques such as facial recognition, biometric identification and two-factor authentication and conditional access (2FA).
Over 80 percent of large Gulf enterprises still use usernames and passwords as the exclusive means of log-in.
“The findings clearly show that many of the region’s enterprises have a long way to go to create secure environments for their customers, employees and their intellectual property,” said Mohammed Arif, regional director, Modern Workplace & Security, Microsoft Gulf.
“Traditional security models have focused on layered perimeter defence and building ‘better walls.’ Today, organisations need to have an always-on and multifaceted approach to security that constantly protects all endpoints, detects the early signs of a breach, and responds before that threat can cause damage. Modern cloud-based automated tools, including analytics based on machine learning and artificial intelligence, can help expedite response.”
As an example, Arif said Microsoft can build an intelligent security graph that can be applied to protect all endpoints, detect attacks, and accelerate responses. “Cloud providers can afford to integrate their products into holistic, machine-learning-driven, security frameworks, covering perimeter, infrastructure and data, both at rest and in transit. Far from being more vulnerable in the cloud, enterprises of all scales and industries are safer there, where they can innovate and grow with peace of mind.” He added.
Only around 11 percent used a 2FA SMS notification to support username-password authentication. About 7 percent reported using fingerprint-scanning and just under 1 percent had adopted facial recognition. In fact, the precise proportion of large Gulf enterprises using facial recognition (0.74 percent) was less than that for SMEs (1.08 percent).
The survey results also exposed a need for greater protection from unwanted emails, ranging from nuisance mail (spam) to more sinister communications (such as phishing attempts). More than half (51 percent) of those reported a 10 percent-or-higher proportion of unwanted emails in corporate inboxes. And 41 percent admitted to having clicked on links within such emails that led to unwanted websites.
The research, recently carried out by Microsoft, asked respondents from almost 1,000 GCC-based organisations a series of questions about their awareness of, and attitude to, digital transformation. Questions on security covered a range of areas, from data protection to authentication.
The survey also explored the extent to which large Gulf enterprises have classified their data. Data classification policies (the separation of data files by varying degrees of sensitivity) have long been considered by security professionals as a fundamental requirement in guaranteeing robust IP and privacy protections. However, just over 61 percent of those surveyed said their organisation did not yet have a data classification solution in place.