Coming to the end of Cybersecurity Awareness month 2022, it is good to be reminded that hackers do not always need to break in. Through phishing and social engineering, they are now logging in to companies, governments and individuals.
Data from the State of Global Enterprise Authentication Survey 2022, conducted Censuswide on behalf of Yubico, highlights the critical importance of using modern phishing-resistant MFA to protect organisations against increasingly sophisticated cyberattacks.
Data acquired from over 16,000 employees in eight countries including the UK, United States, Australia, New Zealand, Singapore, France, Germany and Sweden, found that while employees and enterprises across the globe are increasingly aware of the risks of cybercrime, many still leave themselves vulnerable by using legacy authentication methods and by failing to follow cybersecurity best practices.
Survey results show that:
- 59% of employees still rely on username and password as their primary method to authenticate into accounts
- Nearly 54% of employees admit to writing down or sharing a password
- 22% of those surveyed still think username and password is the most secure method of authentication
- 61% think their organisation needs to adopt modern phishing-resistant MFA-like security keys and 79% of VP-level staff want their organisation to upgrade to phishing-resistant MFA
- More than 54% of employees are not required to go through cybersecurity training on a frequent basis
- Over the last 12 months, nearly 57% admit to using a work-issued device for personal use
State of modern enterprise authentication
According to Stina Ehrensvärd, CEO and co-founder, Yubico, “The results from Yubico’s global survey highlight the biggest concerns, challenges and real-world scenarios that organisations are facing globally when it comes to their cybersecurity efforts – including the continued reliance on legacy MFA solutions like one-time passwords.”
“It’s a stark reminder of how far the enterprise still has to go to adopting and standardizing phishing-resistant MFA tools."
Stina Ehrensvärd
Better than passwords
Calling out the survey, Yubico’s vice president of solutions architecture and alliances, Derek Hanson the results only re-emphasize what we already know – that passwords are not enough and that not all MFA is created equal.
“We’re excited about the arrival of passkeys to help make FIDO authentication globally accessible. It is important to understand how passkeys will impact your organization and what type of passkey is right for you.”
Derek Hanson
“Passkeys by definition are passwordless-enabled FIDO credentials, but YubiKeys only create hardware-bound passkeys which are not copyable – ensuring the highest level of security for enterprises," Hanson concluded.
