Business leaders pave the way for phishing-resistant MFA

Business leaders pave the way for phishing-resistant MFABy Niall McConachie, regional director (UK & Ireland) at Yubico

When it comes to protecting modern enterprises from a complex cyber threat landscape, robust digital authentication is essential. Although most organisations have, or plan to, implement sophisticated technology and embrace digital transformation initiatives, the way in which enterprise authentication is approached is often outdated. Despite global cyber crime concerns, there is plenty of work to be done when it comes to safeguarding organisations from attacks like phishing and ransomware.

According to the State of Global Enterprise Authentication Survey from Yubico, more than half (53 percent) of UK employees use a username and password as their primary way to access their business accounts, and 23 percent believe this the most secure method of authentication. This is an issue which urgently needs addressing, particularly as bad actors repeatedly buy, steal, or break their way through those credentials with ease. With cyber crime on the rise, it is essential for those in management and executive positions to prioritise, implement, and enforce modern cyber security initiatives that remove the use of basic login credentials and prioritise strong multi-factor authentication (MFA).

Cyber crime is inevitable

With more reliance on technology than ever before, cyber attacks have become somewhat inevitable. This demonstrates why three in ten (30 percent) of UK businesses have board members or trustees responsible for cyber security as part of their job role, with this number rising to 41 percent for medium businesses and 53 percent for large businesses. In addition, the introduction of sophisticated software such as artificial intelligence (AI) has only heightened concern amongst business leaders. According to research from Blackberry, more than half (51 percent) of security leaders expect ChatGPT to be at the heart of a successful cyber attack by 2024.

One of the most prevalent methods used by bad actors is phishing attacks, which remain a huge concern for organisations and individuals alike. Often appearing in the form of emails, text messages, or push notifications, phishing attacks aim to manipulate victims into sending private information or assets. In some cases, these prompts come from seemingly ‘trusted’ organisations.

Today, bad actors use a variety of phishing attacks, depending on who they are targeting and what they aim to achieve. For example, ‘spear phishing’ targets specific individuals such as system admins, ‘smishing’ takes place over text or chat where trust is implied and information flows freely, and ‘whaling’ targets high-level employees such as c-suite executives.

Phishing attacks should be top of mind for executives if they are not already. According to the Yubico survey, many UK respondents have fallen victim to a phishing attack within a 12-month period. The research found 16 percent of respondents received an email asking for their organisation’s information to verify account credentials, and 13 percent received an email from a familiar company asking for their organisation’s data. Despite this, the survey found that only 24 percent of business owners and less than half (43 percent) of directors frequently discuss the importance of cybersecurity and how to best protect their employees.

To combat phishing attacks, it is essential for business leaders to regularly discuss modern cyber threats and prevention methods and consider implementing robust cybersecurity practices such as phishing-resistant MFA.

Modern, phishing-resistant MFA is the way

With phishing-resistant MFA, hackers who gain access to a user’s login credentials will not be able to compromise the second layer of authentication, meaning their attempted attacks will fail. One of the highly recommended techniques by security experts for fighting phishing attacks is a hardware security key such as the YubiKey, which requires proof of possession and the presence of the user to log in or gain access. Hardware security keys are an ideal option for strong phishing-resistant MFA, as they do not require external power or a network connection, and do not publish stored data. In addition, they deliver a great user experience, by allowing users to log in with a single tap or touch on the security key.

Most industry experts consider hardware authenticator keys as the gold standard for phishing-resistant MFA, as they remove the reliance on usernames and passwords, and it does not stop there. According to the survey, 68 percent of UK respondents in executive positions and 63 percent of directors agree that their organisation needs to upgrade to modern phishing-resistant MFA. This indicates that senior-level staff are becoming better informed about the value of strong MFA and increases their chance of preventing cyber attacks altogether.

With technology constantly evolving and bad actors adapting their techniques, it has never been more important for senior staff to ensure phishing-resistant MFA is implemented throughout the organisation. As most individuals encounter frequent phishing attacks, and many companies still use single-factor authentication, it is expected that phishing-resistant MFA will become more common, if not mandatory, within the coming years.