Security has become more important than convenience, says IBM, in a report that also highlights the future role of biometric authentication. But are users actually taking cyber security more seriously?
Having surveyed more than 4,000 people from around the world, IBM found that security was considered more important than either privacy or convenience in nearly all login situations (except for social media accounts, oddly, where convenience came out on top).
On the face of it, that sounds like good news. It suggests that people know it’s important to take security seriously. In contrast, research by Gartner ten years ago suggested that users largely preferred to put convenience first, so it seems we’ve come along a bit since then.
But while that’s great, it doesn’t show that people are actually getting any better when it comes to cyber security (in fact, cyber crime damage is expected to increase massively in future). It just proves that more people know security is important and that, when asked, they are more likely to say they put it before convenience.
In fact, it could just be like when a doctor asks you what your diet is like. The right thing to do, of course, is to be honest, but instead you find yourself downplaying the fact your only two food groups are sausage and chips - as if the medical professional before you can’t see your flab and your high blood pressure.
Similarly, some of those who took part in IBM’s study could have exaggerated how cyber safe they are. They could have been saying security is more important than convenience, simply because they knew that’s what they were supposed to say. For all we know, their passwords could all be ‘password’.
This, unfortunately, is a problem with any statistics based on a survey - among others.
The Biometric Future
The study also showed that the majority of users (67%) are comfortable with biometric security solutions, like fingerprint readers, iris scanners and facial recognition. And 44% of respondents thought that fingerprint biometrics were the most secure authentication method – even more so than alphanumeric passwords (27%) and PINs (12%).
In this same survey, only 42% of millennials claimed to use complex passwords, rising to 49% among those aged 55 and over. With so many people not using strong passwords, it’s easy to see how biometric security could be seen as more secure: hackers can't 'guess' your fingerprint or iris pattern like they can a weak password.
Remembering complex passwords is also difficult, and only 34% of millennials and 17% of over 55s in the survey said they use a password manager. Why? Perhaps because these tools need setting up, which could be off-putting for less technical users.
They're also less convenient than, say, using a fingerprint reader, where you just put your finger on a scanner and you’re in.
As much as this study trumpets the triumph of security over convenience, its statistics point to biometrics as the future. Yet surely one of the biggest draws of biometrics is the very fact it’s convenient. Not as convenient as no security at all, maybe, but easier than remembering a whole bunch of passwords or messing about with a fiddly password manager.
Furthermore, 50% of the respondents identified security as their number one concern about biometric authentication. That’s not unreasonable either, because many biometric scanners can be tricked. All it takes is for someone to create a fake copy of your fingerprint, your face, your voice or whatever, and they could access all your accounts. And unlike a password, you can’t simply change those if they get hacked.
Realistically, biometric security is great for casual situations, like unlocking your phone or your PC (assuming you don’t keep sensitive data on them), and most biometric hacks involve getting physical access to the device in question. Even so, passwords remain the best form of defence in many situations.
Indeed, it would be more accurate to say biometrics are better than bad passwords and poor password practice, such as storing them in plain text files.
Biometric solutions are also good if you know no one can get physical access to your computer or device – if your computer is in a locked office, for example. If your mobile phone, tablet or laptop were stolen, though, and the only security you had was a fingerprint lock, it would be perfectly possible for the thieves to lift one of your prints off that very device and use it to unlock the system. Could you say the same thing about a strong password?
In the end, it’s very much a matter of horses for courses. Biometrics have their place, but what we don’t want to do is end up in a situation where everyone thinks they’re the be-all and end-all, resulting in complacency and potentially disaster.
In fact, the same can be said of any security measure. No matter what cyber security companies come up with, criminals will always be looking for ways to get around it. That's why it's so important to get all three pillars of cyber security right: people, process and technology. It's the combination of these three areas, rather than one in particular, that holds the key to defeating cyber crime.
In that light, IBM’s results are encouraging, because they show that people are becoming more aware of how important cyber security is.
Yet human error still accounts for the vast majority of cyber breaches around the world, and cyber crime remains rife. All of which suggests that while we're heading in the right direction in terms of cyber security, we're very much at the beginning of our journey, and we may well take a few more wrong turns before we reach our destination.