Yubico Unveils Needed Awareness Around Phishing-Resistant MFA

By Greg Tavarez

I remember a time when all that was needed was a strong password or a one-time password to act as a strong defense against attacks that lead to data breaches. But as attacks have become more sophisticated, the weaknesses of password-based authentication are glaring (as they leave businesses vulnerable to attacks such as brute-force, phishing and credential stuffing). These attacks are costly for businesses in terms of lost revenue, legal fees and reputational damage.

The rise of cloud-based services and remote work is only adding fuel to that fire, as traditional security measures such as firewalls and VPNs are no longer sufficient to protect against attacks. This has resulted in the need for stronger authentication methods, such as multi-factor and adaptive authentication.

Still, IT leaders continue to rely on the least secure forms of authentication, including traditional usernames and passwords and one-time passwords. In a report from Yubico, only 46% of respondents protect their enterprise applications with MFA.

Hmm. This is a bit concerning, considering that 59% of respondents reported having a security breach within the past year, up 6% from just two years ago.

Seeing those results prompted Yubico to dive a bit deeper with its research. For those unfamiliar with Yubico, the hardware authentication security keys provider created security solutions based on an open standard and is a co-founder of the FIDO Alliance, which is dedicated to developing open, interoperable authentication standards. Yubico developed the YubiKey, which is a security key that provides strong MFA and eliminates the need for passwords.

Looking at the specific methods of authentication, the Yubico survey found that one of the least secure methods is the most deployed – usernames and passwords at 91%. Hardware-based USB security keys at 62%, biometrics at 59%, passwordless MFA at 58% and smart cards at 58% are the least deployed.

Those stats are appalling considering the number of times companies preach about being the most secure and adopting solutions that mitigate all data breaches. But the survey revealed another stat that makes them unsurprising.

Regarding the Executive Order on cybersecurity issued by President Joe Biden in May 2021, in response to which the U.S. Office of Management and Budget issued Memo M-22-09, the survey found that only two-thirds have heard of the executive order and related OMB guidance regarding phishing-resistant MFA, and 91% of respondents report being familiar with FIDO standards.

While many organizations have responded to the call for more secure forms of authentication, there is still a need to spread awareness and increase education around phishing-resistant MFA overall.

“Not all MFA is equal, and even though businesses know legacy MFA tools are not effective to stay secure, we’re seeing they're still using them as primary tools of defense,” said Ronnie Manning, Chief Marketing Officer of Yubico. “Now more than ever, education around the importance of phishing-resistant MFA is critical to officially move away from legacy MFA tools that are leaving thousands of businesses exposed to cyberattacks around the world.”

If one thing should be taken from the survey, it’s that businesses continue to rely on outdated authentication methods, thus putting themselves at risk of cyberattacks and data breaches. By adopting more secure authentication methods, businesses better protect themselves and their customers.




Edited by Alex Passett

MSPToday Editor
