The rate of cyber-attacks within the UK remains an ongoing problem, leaving businesses of all sizes struggling to protect their digital networks and critical data from being compromised.
According to reports, 39 per cent of UK businesses have experienced some form of cyber-attack in the last year, including some of the UK’s most sophisticated organisations. To understand these incidents from a different perspective, Yubico has released data in its inaugural State of Global Authentication survey, examining UK businesses’ cybersecurity practices and their employees’ understanding of general cyber hygiene.
According to the survey, 49 per cent of UK participants agreed that organisations need to upgrade to phishing-resistant multi-factor authentication (MFA). Yet, organisations still rely on conventional, outdated methods to authenticate their digital accounts such as:
Respondents believed that these methods were the most secure ways to authenticate, however, all of them have proven to be susceptible to common cyber-attacks.
Niall McConachie, Regional Director (UK & Ireland) at Yubico said, “concerningly, more than half of UK organisations are still relying on using usernames and passwords and other outdated authentication methods, according to our research. This, paired with poor basic cyber-hygiene practices, puts organisations at great risk of data breaches, ransomware attacks, and phishing schemes.
“To effectively mitigate these types of attacks, UK businesses should implement passwordless cybersecurity such as strong two-factor authentication (2FA) or multi-factor authentication (MFA). By removing the need for passwords, strong 2FA, and MFA are more user-friendly and bridge the gap between personal and professional data security. FIDO2 security keys, for example, have proven to be the most effective phishing-resistant option for business-wide cybersecurity. Interestingly, more than any other country surveyed, UK respondents understood that universal MFA is the best practice for authentication and is a vital part of cybersecurity, but the companies they work for aren’t providing these more robust methods.
“Cyber-attacks are not limited to companies and can directly target customers and employees as well. Indeed, over the past year, 77 per cent of global respondents say they’ve been exposed to a cyber-attack in their personal life and 48 per cent had been exposed to one at work. This further emphasises the need for businesses to improve their cybersecurity while also educating employees on how to protect themselves online, beyond the use of usernames and passwords.”