SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Cybersecurity must evolve to tackle rising phishing trends
Thu, 20th Jul 2023

As the volume of security breaches continues to rise, now is the time to move from legacy multi-factor authentication (MFA) to modern, phishing-resistant MFA, according to Yubico.

Yubico's recent State of Global Enterprise Authentication Survey found that the way enterprise authentication is managed hasn't changed fast enough. A username and password (single-factor authentication) is still the most common form of authentication, and it is also the least secure.

The report found that 65% of employees in Australia and 63% in New Zealand rely on username and password as a primary means of authentication, which was higher than the global average of 59%.

Geoff Schomburgk, Yubico's Regional Vice President, Asia Pacific & Japan (APJ), said that enterprises and consumers need to be aware that not all MFA is created equal.

"Other forms of authentication, like SMS-based and mobile apps, are better than username and password, but all these methods have flaws and can be phished. Texts can be hijacked in transit, apps can be exploited and phones can get lost, broken or stolen," he says.

"Hardware security keys, such as YubiKeys, are considered by industry experts to be the gold standard for phishing-resistant MFA. They are easy to use and are designed to make enterprise and consumer lives easier by solving pain points related to account security."

Reflecting the rising trend of cyber attacks, Yubico's research found that 70% of employees in New Zealand and 78% of employees in Australia say they have been exposed to a cyber attack in their personal life over the past year.

"These attacks tend to be the result of bad actors tricking people into sharing personal information. Attackers usually approach a victim via email, phone, text message, or social media direct message, and then direct the user to a malicious lookalike website which matches the look and feel of the legitimate site so victims will enter personal details there," says Schomburgk.

"It isn't just personal information that is sought after, cyber criminals sometimes hack with the intent of taking over user accounts or getting higher levels of access and freedom to move around a company's sensitive data assets."

Schomburgk explained that with phishing-resistant MFA, if hackers do gain access to a user's login credentials, they are unable to, meaning their attempted attacks will fail.

"Knowing that most people encounter frequent phishing attacks, and that many companies still use usernames and passwords, stronger MFA becomes essential," he says. 

"Thankfully, far more people care about protecting their account credentials, which encapsulates an important truth: people care about protecting their digital identity."

Yubico's research shows that Australian companies are slow to adopt MFA, and the survey revealed multiple reasons why, including the perception that MFA is expensive, time-consuming or unnecessary. Of concern is that many organisations aren't adopting MFA because they don't believe they are at risk of a cyber attack, including 14% of companies in Australia and 10% of those in New Zealand.

"Our mission at Yubico is to make the internet safer for everyone and proper protection against cybercrime requires using MFA across all apps and services," Schomburgk says. 

"Organisations have a clear opportunity to reduce risk and improve compliance by adopting phishing-resistant MFA, which is the shortcut to strong, reliable cybersecurity."