Robust digital authentication is critical in protecting modern enterprises from today’s complex cyber threat landscape. With cyber attacks at an all-time high, it is up to those in management and executive positions to prioritise, implement and enforce modern cybersecurity practices throughout their organisation to protect their data and critical infrastructure.
To gauge the perspective of those in senior-level positions, Yubico has released data from its inaugural State of Global Authentication survey, examining attitudes towards cybersecurity and multi-factor authentication (MFA) practices throughout businesses around the world.
Effective protection against cybercrime requires using strong MFA across all apps and services. Interestingly, more than any other country surveyed, UK respondents agreed with this and believe MFA is best practice for authentication and is a vital part of cybersecurity.
When reviewing opinions of senior-level staff, senior managers (63 percent), executive members (68 percent), VPs (64 percent), and company directors (63 percent) agree that their organisation needs to upgrade to modern phishing-resistant MFA – like hardware security keys.
However, only 16 percent of UK respondents say their organisation has already implemented MFA across all apps and services. Furthermore, 11 percent of UK employees said their organisation implemented hardware security keys only after a cyber attack had occurred.
When it comes to possible barriers to implementing MFA, many UK companies are hesitant due to misconceptions including:
- MFA is expensive (17 percent)
- MFA is unnecessary (13 percent)
- MFA is complicated to deploy (10 percent)
- MFA is time-consuming (10 percent)
- MFA is difficult to use (9 percent)
Niall McConachie, regional director (UK & Ireland) at Yubico, comments on the survey’s findings and advises UK companies on what more can be done to improve their business-wide cybersecurity and adoption of MFA:
“Our research indicates that senior-level UK employees understand the value of strong MFA. We now know that nearly a third of board and executive-level members discuss cybersecurity frequently at meetings. However, there are significant gaps between business leaders wanting to implement MFA solutions and putting steps in place to do so. This, paired with misconceptions of MFA, such as it being expensive, difficult to use, and complicated to deploy, are hindering progress. Therefore, these findings have made it clear that UK enterprise MFA adoption still has a long way to go.
"Further statistics show that enterprise MFA is not being used to its full potential by UK organisations. This is demonstrated by the fact that phishing-resistant MFA was used so rarely in response to attacks, despite being the most secure form of authentication. Moreso, two of the barriers to organisations adopting MFA included organisations being too slow to adopt new technologies (15 percent) and others simply do not believe they are at risk for a cyber attack (9 percent).
"What senior-level staff need to consider is that using out-of-date or ineffective authentication methods risks both security and productivity. So, by reducing friction at login – such as eliminating usernames and passwords – MFA and strong two-factor authentication (2FA) can benefit organisations in more ways than one. For example, FIDO2 security keys are phishing-resistant and provide a seamless login experience across multiple devices and online accounts, all while maintaining the highest level of security possible.
“The degree to which leaders value and prioritise their cybersecurity can have a direct impact on others throughout the organisation. Therefore, businesses must do more to change business-wide attitudes towards cybersecurity standards and authentication practices, starting with executives and senior-level staff.”