IT Brief UK - Technology news for CIOs & IT decision-makers
Story image

Cyber attack risk high due to outdated authentication methods

The rate of cyber attacks within the UK remains an ongoing problem, leaving businesses of all sizes struggling to protect their digital networks and critical data from being compromised, according to Yubico. 

According to reports, 39% of UK businesses have experienced some form of cyber attack in the last year, including some of the UK's most sophisticated organisations. 

To understand these incidents from a different perspective, Yubico has released exclusive data in its inaugural State of Global Authentication survey, examining UK business' cybersecurity practices and their employees' understanding of general cyber hygiene.

According to the survey, 49% of UK participants agreed that organisations need to upgrade to phishing-resistant multi factor authentication (MFA).

Yet, organisations still rely on conventional, outdated methods to authenticate their digital accounts such as
usernames and passwords (53%), mobile SMS-based authentication (24%), password managers (22%), and mobile authentication apps or one-time passwords (OTPs) (19%).

Respondents believed that these methods were the most secure ways to authenticate, however, all of them have proven to be susceptible to common cyber attacks.

"Concerningly, more than half of UK organisations are still relying on using usernames and passwords and other outdated authentication methods, according to our research," says Niall McConachie, Regional Director (UK & Ireland) at Yubico.

"This, paired with poor basic cyber-hygiene practices, puts organisations at great risk of data breaches, ransomware attacks and phishing schemes," he says.

To effectively mitigate these types of attacks, McConachie sats UK businesses should implement passwordless cybersecurity such as strong two-factor authentication (2FA) or multi-factor authentication (MFA). By removing the need for passwords, strong 2FA and MFA are more user-friendly and bridge the gap between personal and professional data security. FIDO2 security keys, for example, have proven to be the most effective phishing-resistant option for business-wide cybersecurity. 

Interestingly, more than any other country surveyed, UK respondents understood that universal MFA is best practice for authentication and is a vital part of cybersecurity, but the companies they work for aren't providing these more robust methods.

Cyber attacks are not limited to companies and can directly target customers and employees as well. Indeed, over the past year, 77% of global respondents say they've been exposed to a cyber attack in their personal life and 48% had been exposed to one at work. This further emphasises the need for businesses to improve their cybersecurity while also educating employees on how to protect themselves online beyond the use of usernames and passwords.

Follow us on: