SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Yubico research finds concerning trends around authentication security practices
Mon, 3rd Oct 2022
FYI, this story is more than a year old

A new global survey from Yubico has found that 59% of employees still rely on usernames and passwords as the primary method to authenticate their accounts.

Yubico's inaugural State of Global Enterprise Authentication Survey 2022, conducted for Yubico by Censuswide, polled 16,000+ employees across a variety of enterprises in eight countries. The research comes in line with Cybersecurity Awareness Month.

The survey asked employees about their perceptions and perceived challenges in relation to MFA, security tools and internal security practices at their organisation, as well as asking about their recent experiences with cyberattacks.

Cybersecurity authentication and MFA trends were found to be the top areas mentioned, with the most alarming statistic revealing that 59% of employees still rely on usernames and passwords as their primary method to authenticate into accounts.

Nearly 54% of employees also admitted to writing down or sharing a password, and over 22% of those surveyed still believed that usernames and passwords are the most secure authentication method.

61% of employees thought their organisation needed to upgrade to modern phishing-resistant MFA and 79% of VP-level staff want their organisation to upgrade to modern phishing-resistant MFA (like hardware security keys).

The research also found that there was a lack of training and knowledge relating to cybersecurity protocol.

More than 54% of employees said they are not required to go through cybersecurity training on a frequent basis.

Employees are also engaging in potentially unsafe device habits. Over the last 12 months, nearly 57% admitted to using a work-issued device for personal use. 

"Cybersecurity Awareness Month brings global awareness for security hygiene, and is a good time for people and organisations to take action now to shore up their cybersecurity practices," says Stina Ehrensvrd, CEO and Co-Founder, Yubico.

"The results from Yubicos global survey highlight the biggest concerns, challenges and real-world scenarios that organisations are facing globally when it comes to their cybersecurity efforts including the continued reliance on legacy MFA solutions like one-time passwords. It's a stark reminder of how far the enterprise still has to go to adopting and standardising phishing-resistant MFA tools."

Also, in line with this research, Yubico recently brought together cybersecurity industry leaders for its inaugural YubiSummit event in San Francisco. The event included leading organisations at the forefront of security and contained in-depth discussions around the top challenges facing enterprises today.

Topics ranged from the benefits of ethical hacking to corporate responsibility and collaboration. 

Mary Mangione, Yubicos Senior Communications and Brand Manager and lead for its philanthropic program, Secure it Forward, was joined by experts from Google, Microsoft and Defending Digital Campaigns to discuss protecting high-risk users.

She revealed that, as the research shows, there is a clear need for partnerships to create secure outcomes. She also revealed how Yubico is protecting its users.

"Collaborating with organisations like Google, Microsoft and Defending Digital Campaigns allows us to better protect high-risk users and organisations that need it most.

"At Yubico, our Secure it Forward program provides YubiKeys on a global scale at no-cost to help equip journalists, political organisations and nonprofits with strong security."