Cybersecurity must evolve to tackle rising phishing trends

According to Yubico, it is now the opportune moment to transition from outdated multi-factor authentication (MFA) systems to advanced MFA that is resistant to phishing, as the number of security breaches keeps increasing.

According to the latest State of Global Enterprise Authentication Survey conducted by Yubico, the management of enterprise authentication has not kept up with the pace of change. Despite being the least secure method, the use of a username and password (known as single-factor authentication) remains the most widespread form of authentication.

According to the study, a higher percentage of workers in Australia (65%) and New Zealand (63%) depend on their username and password for authentication compared to the global average (59%).

Geoff Schomburgk, the Regional VP for Asia Pacific & Japan (APJ) at Yubico, emphasized the importance of understanding that all MFA solutions are not identical for both enterprises and consumers.

According to him, alternative authentication methods such as SMS-based and mobile apps are more superior compared to traditional username and password. However, it is important to note that all these methods possess vulnerabilities and are susceptible to phishing attempts. During transit, text messages can be intercepted, mobile apps can be manipulated, and there is always a risk of losing, damaging, or having one's phone stolen.

Industry professionals widely regard hardware security keys, like YubiKeys, as the top-notch solution in terms of MFA (Multi-Factor Authentication) resistant to phishing attacks. These keys are user-friendly and are specifically crafted to streamline account security, ultimately simplifying the lives of both corporate and individual users by addressing concerns related to it.

In line with the increasing pattern of online assaults, Yubico's study revealed that 70% of workers in New Zealand and 78% of workers in Australia claim to have encountered a cyber attack in their individual lives within the previous year.

Schomburgk explains that these incidents typically happen when malicious individuals deceive others into divulging their personal information. The culprits typically target their victims through various means such as emails, phone calls, text messages, or direct messages on social media platforms. They lure the users into visiting a counterfeit website that imitates the appearance and functionality of a legitimate site. This way, unsuspecting victims end up providing their personal details on these malicious platforms.

It's not only individuals' personal information that cyber criminals target; occasionally, they engage in hacking activities with the aim of gaining control over user accounts or attaining increased levels of access and flexibility to navigate through a company's valuable data resources.

Schomburgk clarified that by utilizing MFA that is immune to phishing, even if malevolent individuals manage to obtain a user's login details, they will be rendered useless and their endeavors to carry out destructive actions will inevitably be met with failure.

He mentions that as a large number of individuals regularly come across phishing attacks and many corporations still rely on usernames and passwords, it becomes crucial to implement more robust multi-factor authentication (MFA).

Fortunately, a much larger number of individuals prioritize safeguarding their account information, which reflects a crucial reality: individuals value the security of their online persona.

According to the findings of Yubico's study, Australian businesses are lagging behind in their implementation of MFA. The survey uncovered several grounds for this, such as the belief that MFA is costly, requires a significant amount of time, or is simply not needed. What is worrisome is that numerous organizations are forgoing MFA due to the mistaken assumption that they are immune to cyber attacks. This includes 14% of Australian companies and 10% of those in New Zealand.

Schomburgk asserts that Yubico's primary objective is to enhance internet security for all individuals, and effectively safeguarding oneself against cybercriminals entails implementing multi-factor authentication (MFA) across various applications and services.

Companies have a distinct chance to lessen the possibility of harm and enhance conformity by embracing MFA that is immune to phishing attacks, ultimately leading to robust and dependable cybersecurity.