IT Brief UK - Technology news for CIOs & IT decision-makers
United Kingdom
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
internet of things
#
work from home
Search
Story image
#
Authentication
#
Cyber attacks
#
NDI
Cyber attack risk high due to outdated authentication methods
Fri, 17th Mar 2023
FYI, this story is more than a year old
Author image
By Shannon Williams, Journalist
Follow us

The rate of cyber attacks within the UK remains an ongoing problem, leaving businesses of all sizes struggling to protect their digital networks and critical data from being compromised, according to Yubico. 

According to reports, 39% of UK businesses have experienced some form of cyber attack in the last year, including some of the UK's most sophisticated organisations. 

To understand these incidents from a different perspective, Yubico has released exclusive data in its inaugural State of Global Authentication survey, examining UK business' cybersecurity practices and their employees' understanding of general cyber hygiene.

According to the survey, 49% of UK participants agreed that organisations need to upgrade to phishing-resistant multi factor authentication (MFA).

Yet, organisations still rely on conventional, outdated methods to authenticate their digital accounts such as
usernames and passwords (53%), mobile SMS-based authentication (24%), password managers (22%), and mobile authentication apps or one-time passwords (OTPs) (19%).

Respondents believed that these methods were the most secure ways to authenticate, however, all of them have proven to be susceptible to common cyber attacks.

"Concerningly, more than half of UK organisations are still relying on using usernames and passwords and other outdated authentication methods, according to our research," says Niall McConachie, Regional Director (UK & Ireland) at Yubico.

"This, paired with poor basic cyber-hygiene practices, puts organisations at great risk of data breaches, ransomware attacks and phishing schemes," he says.

To effectively mitigate these types of attacks, McConachie sats UK businesses should implement passwordless cybersecurity such as strong two-factor authentication (2FA) or multi-factor authentication (MFA). By removing the need for passwords, strong 2FA and MFA are more user-friendly and bridge the gap between personal and professional data security. FIDO2 security keys, for example, have proven to be the most effective phishing-resistant option for business-wide cybersecurity. 

Interestingly, more than any other country surveyed, UK respondents understood that universal MFA is best practice for authentication and is a vital part of cybersecurity, but the companies they work for aren't providing these more robust methods.

Cyber attacks are not limited to companies and can directly target customers and employees as well. Indeed, over the past year, 77% of global respondents say they've been exposed to a cyber attack in their personal life and 48% had been exposed to one at work. This further emphasises the need for businesses to improve their cybersecurity while also educating employees on how to protect themselves online beyond the use of usernames and passwords.

Related stories
Upwind fortifies Cloud Security Platform with identity security
Exclusive: How BirdDog is shaking up the broadcasting industry
Titans of Tech - Mike East of Cado Security
AI cybersecurity gap affecting quarter of UK businesses
Virgin Media O2 to provide mobility data to UK Government
Top stories
Calvary applies Irish MEG digital audit tool in healthcare innovation
Deltek unveils AI tool Dela to boost project delivery efficiency
WalkMe's financial growth & AI advancements spotlighted at Realize 2024
Bugcrowd launches AI bias assessment for secure LLM application use
Kaspersky illuminates LockBit ransomware group's advanced tactics