National Cyber Security Centre report - Yubico comments
March 2021 by Nic Sarginson, Principal Solutions Engineer at Yubico
Yesterday, the government released this report urging UK businesses to act as two in five UK firms experienced cyber attacks in the last year. In case relevant for any articles you may be writing, please find below comments from cyber security expert, Nic Sarginson, Principal Solutions Engineer at Yubico.
Yubico helps companies like Google to secure 85,000+ of its employees against online fraud, platforms like Gov.uk to help protect gateways against cyber criminals, and within the UK government and defence departments to secure their users. Nic Sarginson, Principal Solutions Engineer at Yubico:
“Businesses still rely heavily on passwords for security, despite the fact that passwords are increasingly ineffective against modern cyber-attacks. In fact, research shows that people reuse their passwords across an average of ten personal accounts, while ‘123456’ still topped the list for the most common password in 2020.
“British businesses need to adopt different forms of authentication and embrace passwordless as the future if they want to protect their assets. Microsoft has long been championing the benefits of passwordless and believes passwords will soon be obsolete. Unfortunately, businesses fall into the trap of sticking with passwords because there are benefits like portability, compatibility, and interoperability. Plus, everyone is used to them.
“Luckily, there are passwordless options that cover all of the benefits of passwords while also increasing security and usability, like biometrics and hardware security keys. In fact, Google uses security keys to protect over 85,000 of its employees, leading to zero confirmed account takeovers. The results are clear and it’s good to see the Government highlighting the problem, with the National Cyber Security Centre advocating the implementation of MFA and a move towards passwordless. “Transitioning to passwordless won’t happen overnight, but it is a journey that businesses need to embark on. This report should be a wake-up call to businesses that if they don’t start this journey, they’ll be one of the two in five that get cyber attacked.”