Attacks/Breaches

11/17/2009
12:28 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Survey: User Name/Passwords Used By 99% of European Firms, But PKI On The Rise

77% of those surveyed use PKI as a preferred method for remote access security77% of those surveyed use PKI as a preferred method for remote access security

NEWTON, MA " Nov. 16, 2009 -- According to a survey by market research institute DT&P international, which was commissioned by TC TrustCenter GmbH, a company of ChosenSecurity, the combination of user name and password remains the most commonly used authentication method (99% of respondents authenticate in this way) for remote access among European firms surveyed.

In the background, Public Key Infrastructure (PKI), in the form of digital certificates, is making headway, showing real momentum as a means of granting remote access. In fact, 77% of those surveyed use PKI as a preferred method for remote access security in addition to user name and password.

The survey, conducted in August 2009, focuses on the handling of remote access security by European companies of over 500 employees. Respondents included organizations from IT services, consulting, insurance and utilities industries.

The survey highlights that businesses see high levels of security as a necessity when accessing data remotely. Other selection criteria that were depicted through the survey results as being essential to remote access security include low administrative overheads, access locking capabilities and reasonably low training requirements. On demand certificate management services users have been able to benefit from these functions as well as the ability to quickly and safely replace lost, defective or forgotten access tokens.

Although high levels of security were shown in the survey to be a primary concern, surprisingly, the majority of respondents reported that their businesses did not currently use strong access keys such as hardware tokens and Trusted Platform Modules (TPM). Instead, medium security methods such as digital keys and certificates proved more popular. Only 24% of respondents are currently using hardware tokens, and only 25% use TPM devices, which are essentially crypto chips in a laptop that work like integrated smart card devices.

"The survey has shown that digital trust applications have come of age and are commonly used by businesses," said John Adams, CTO at ChosenSecurity. "The universal nature and the advanced integration of PKI systems with identity management systems, alongside the easy handling that comes with it, is clearly indicated by the results of the survey."

About TC TrustCenter

For more than 10 years TC TrustCenter provides world wide trust to digital communication between employees, clients, partners and suppliers. As one of the first Trustcenters we provide world wide trust to the internet and electronic B2B Business with our Managed Services. In Europe as well as in the US, TC TrustCenter has a broad range of project and industry experience regarding PKI, and has worked with a broad range of international customers. The TC TrustCenter portfolio ranges from solutions for Phishing Protection, Security of Online Transactions and Electronic Invoicing as well as broader PKI solutions and Managed Security Services. Our On-Demand Digital Identity solutions are cost-efficient, highly secure and fast to implement. TC TrustCenter is accredited according to the German Signature Act, European Signature Act, Identrust, SAFE, T"VIT and SISAC.

About ChosenSecurity, Inc. (www.chosensecurity.com)

ChosenSecurity provides digital trust between employees, clients and suppliers doing business electronically through on-demand certificate management services. The company's solutions enable a wide range of digital trust applications to provide strong authentication, secure e-mail, digital signatures, data encryption and support compliance with privacy and other regulations. ChosenSecurity was the first to provide digital certificate management through a Software as a Service model and remains the leader through its breakthrough economics, versatility and implementation speed for enterprises. Unlike traditional PKI and private certificate authority options, ChosenSecurity solutions can be implemented in 70% less time and 70% less cost.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
It Takes an Average of 3 to 6 Months to Fill a Cybersecurity Job
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/12/2019
Cybercriminals Think Small to Earn Big
Dark Reading Staff 3/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: LOL  Hope this one wins
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6149
PUBLISHED: 2019-03-18
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVE-2018-15509
PUBLISHED: 2019-03-18
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
CVE-2018-20806
PUBLISHED: 2019-03-17
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
CVE-2019-5616
PUBLISHED: 2019-03-15
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
CVE-2018-17882
PUBLISHED: 2019-03-15
An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.