Survey finds UK companies are putting staff at Risk of Cyber Attacks with outdated authentication methods
March 2023 by Yubico
The rate of cyber attacks within the UK remains an ongoing problem, leaving businesses of all sizes struggling to protect their digital networks and critical data from being compromised. According to reports, 39 percent of UK businesses* have experienced some form of cyber attack in the last year, including some of the UK’s most sophisticated organisations. To understand these incidents from a different perspective, Yubico has released exclusive data in its inaugural State of Global Authentication survey, examining UK businesses’ cybersecurity practices and their employees’ understanding of general cyber hygiene.
According to the survey, 49 percent of UK participants agreed that organisations need to upgrade to phishing-resistant multi factor authentication (MFA). Yet, organisations still rely on conventional, outdated methods to authenticate their digital accounts such as:
• Usernames and passwords (53 percent)
• Mobile SMS-based authentication (24 percent)
• Password managers (22 percent)
• Mobile authentication apps or one-time passwords (OTPs) (19 percent)
Respondents believed that these methods were the most secure ways to authenticate, however, all of them have proven to be susceptible to common cyber attacks.
Niall McConachie, regional director (UK & Ireland) at Yubico, comments on the survey’s findings and explains what is needed to improve cyber hygiene and data security practices amongst UK organisations:
“Concerningly, more than half of UK organisations are still relying on using usernames and passwords and other outdated authentication methods, according to our research. This, paired with poor basic cyber-hygiene practices, puts organisations at great risk of data breaches, ransomware attacks and phishing schemes.
“To effectively mitigate these types of attacks, UK businesses should implement passwordless cybersecurity such as strong two-factor authentication (2FA) or multi-factor authentication (MFA). By removing the need for passwords, strong 2FA and MFA are more user-friendly and bridge the gap between personal and professional data security. FIDO2 security keys, for example, have proven to be the most effective phishing-resistant option for business-wide cybersecurity. Interestingly, more than any other country surveyed, UK respondents understood that universal MFA is best practice for authentication and is a vital part of cybersecurity, but the companies they work for aren’t providing these more robust methods.
“Cyber attacks are not limited to companies and can directly target customers and employees as well. Indeed, over the past year, 77 percent of global respondents say they’ve been exposed to a cyber attack in their personal life and 48 percent had been exposed to one at work. This further emphasises the need for businesses to improve their cybersecurity while also educating employees on how to protect themselves online – beyond the use of usernames and passwords.”