Although 94 percent of Flemish companies use some form of MFA, SMEs are lagging far behind in implementing the technology across their entire organization. A small minority still have no plans to adequately secure themselves.
Multi-factor authentication (MFA) as a concept is becoming established among Flemish companies. 94 percent already use MFA. This is according to a survey conducted by Visma among 337 Flemish professionals, 203 of whom work in SMEs and 134 in larger companies.
Partial implementation
However, this does not mean that Flemish organizations are now adequately protected against phishing attacks and hackers armed with stolen login details. After all, the implementation of MFA still leaves much to be desired, especially among SMEs.
read also
Only 43 percent of Flemish SMEs use MFA throughout their organization
For example, 43 percent of SMEs indicate that they effectively use MFA organization-wide for all applications. For 42 percent, MFA is only active for specific systems, and eight percent even integrate two-step verification only for online banking.
Large Companies in the Lead
That is much worse than in large companies, where 61 percent have rolled out MFA across the entire organization and 28 percent only for specific systems. Whether a company has sufficient security depends on which systems are not secured with multi-factor authentication.
The figures further show that SMEs are making a major catch-up. 48 percent of respondents implemented MFA in the last year and another 36 percent one to two years ago. Barely fifteen percent have been using MFA for longer than two years. For large companies, that is 37 percent, and 34 percent between one and two years. 28 percent implemented MFA in the past year.
Laggards
It is noticeable that the biggest difference between SMEs and large companies is visible in the total or partial implementation of MFA. The number of real laggards is about the same, regardless of the size of the company.
For example, seven percent of large organizations also use MFA only for banking, and in both cases, four percent are still planning. Respectively two percent and one percent for SMEs and large companies have no MFA and have no plans.
Better than the Netherlands
It is noticeable that Flanders is doing better than the Netherlands. Looking at all organizations from the survey regardless of size, we see that in our country 50 percent have already rolled out MFA organization-wide, compared to only 41 percent among our northern neighbors.
The motivation to implement MFA varies. For many companies (27 percent), an internal need for more security plays a role, but the increase in the threat (24 percent) also plays a role. Sixteen percent choose MFA because the IT supplier suggests it. It is noticeable that eleven percent of SMEs and nine percent of large companies took the step to MFA after a (near) incident.
Finally, the research shows that the authenticator application is the most popular tool for MFA (28 percent). SMS is even more important for SMEs (fifteen percent) than for large companies (seven percent).
Important Measure
The implementation of MFA is the most important security measure a company can take. The majority of cyberattacks today have something to do with login credentials in one way or another. The saying “hackers don’t break in, they log in” still applies. With MFA, the success of such attacks is reduced by more than 90 percent.
The figures from the research are somewhat reassuring: the majority of companies already use MFA for at least some systems. It is a good idea to first secure critical systems such as online banking, accounting software, but also mail and cloud services. In an ideal scenario, MFA covers the entire organization, preferably via a single sign on (SSO) solution.