Passwordless authentication is the key
As the Cybersecurity and Infrastructure Security Agency (CISA) launches a new awareness programme for October’s Cybersecurity Awareness Month, we ask Niall McConachie, regional director (UK & Ireland), Yubico (www.yubico.com) how organizations can improve their data security practices with passwordless authentication …

“With more than half of UK organizations still relying on using usernames and passwords and other outdated methods to authenticate devices, Cybersecurity Awareness Month is more important than ever.  It is essential for businesses to embrace good cyber hygiene practices to lower the risk of ransomware attacks and phishing schemes.  To effectively mitigate these cyber attacks, and as suggested by the CISA, UK businesses should implement phishing-resistant multi-factor authentication (MFA), like a FIDO2 hardware security key.  
 
“Account takeovers, phishing, and man-in-the-middle attacks are just some of today’s most prolific methods that can potentially lead to a data breach.  The effects of these attacks are not just limited to the company itself but can also directly impact customers and employees.  This further emphasises the need for businesses to improve their cybersecurity practices while also educating individuals on how to protect themselves online–beyond the use of usernames and passwords.  Frequent training on cyber risks will be essential to ensure employees are aware of and know how to deal with cyber risks.
 
“UK corporations should consider robust and user-friendly forms of phishing-resistant MFA.  The most effective option for business-wide cybersecurity is FIDO2 keys, which provide a seamless login experience across multiple devices and online accounts, all while maintaining the highest level of security possible.  This method also offers strong authentication which can be used with various digital devices, services, and accounts, reducing the number of times a user would need to log in.  However, and most importantly, organizations that adopt phishing-resistant, passwordless solutions can benefit from an enhanced security posture across the business and significantly reduce the risk of a cyber attack.”

According to Yubico’s State of Global Enterprise Authentication Survey (www.yubico.com/resource/state-of-global-enterprise-authentication-survey-uk) only 11% of UK respondents use anti-phishing MFA, such as hardware security keys and more than half (53%) use a username and password as a primary way of authentication despite phishing-resistant MFA, such as hardware security keys or biometric identifiers, which significantly reduces the risk of hacking by adding another layer of security.   Additionally, the survey revealed that only 42% of employees are required to go through frequent security training.  The combination of outdated cybersecurity practices and a lack of training can hugely weaken organizations’ cyber defences.