Yubico Unveils Needed Awareness Around Phishing-Resistant MFA

By Greg Tavarez

I remember a time when all that was needed was a strong password or a one-time password to act as a strong defense against attacks that lead to data breaches. But as attacks have become more sophisticated, the weaknesses of password-based authentication are glaring (as they leave businesses vulnerable to attacks such as brute-force, phishing and credential stuffing). These attacks are costly for businesses in terms of lost revenue, legal fees and reputational damage.

The rise of cloud-based services and remote work is only adding fuel to that fire, as traditional security measures such as firewalls and VPNs are no longer sufficient to protect against attacks. This has resulted in the need for stronger authentication methods, such as multi-factor and adaptive authentication.

Still, IT leaders continue to rely on the least secure forms of authentication, including traditional usernames and passwords and one-time passwords. In a report from Yubico, only 46% of respondents protect their enterprise applications with MFA.

Hmm. This is a bit concerning, considering that 59% of respondents reported having a security breach within the past year, up 6% from just two years ago.

Seeing those results prompted Yubico to dive a bit deeper with its research. For those unfamiliar with Yubico, the hardware authentication security keys provider created security solutions based on an open standard and is a co-founder of the FIDO Alliance, which is dedicated to developing open, interoperable authentication standards. Yubico developed the YubiKey, which is a security key that provides strong MFA and eliminates the need for passwords.

Looking at the specific methods of authentication, the Yubico survey found that one of the least secure methods is the most deployed – usernames and passwords at 91%. Hardware-based USB security keys at 62%, biometrics at 59%, passwordless MFA at 58% and smart cards at 58% are the least deployed.

Those stats are appalling considering the number of times companies preach about being the most secure and adopting solutions that mitigate all data breaches. But the survey revealed a stat that makes them not surprising at all.

Regarding the Executive Order on cybersecurity issued by President Joe Biden in May 2021 and the U.S. Office of Management and Budget's related Memo M-22-09, the survey found that only two-thirds have heard of the executive order and related OMB guidance regarding phishing-resistant MFA, and 91% of respondents report being familiar with FIDO standards.

While many organizations have responded to the call for more secure forms of authentication, there is still a need to spread awareness and increase education around phishing-resistant MFA overall.

“Not all MFA is equal, and even though businesses know legacy MFA tools are not effective to stay secure, we’re seeing they're still using them as primary tools of defense,” said Ronnie Manning, Chief Marketing Officer of Yubico. “Now more than ever, education around the importance of phishing-resistant MFA is critical to officially move away from legacy MFA tools that are leaving thousands of businesses exposed to cyberattacks around the world.”

If one thing should be taken from the survey, it’s that businesses continue to rely on outdated authentication methods, thus putting themselves at risk of cyberattacks and data breaches. By adopting more secure authentication methods, businesses better protect themselves and their customers.




Edited by Alex Passett

MSPToday Editor
