Findings from the Global State of Identity Verification in Businesses survey found that more than half of employees rely on insecure authentication methods.
Yubico records that 65% of workers in Australia and 63% in New Zealand still rely on usernames and passwords as their primary means of authentication, beating the global average of 59%.
Despite extensive awareness campaigns and corporate training emphasizing password insecurity, 22 percent of all respondents believe basic login credentials are the most secure form of authentication.
Equipping employees with phishing-resistant authentication methods is critical to protecting digital identities and preventing breaches, according to hardware authentication security key provider Yubico.
Data breaches often occur when people reuse passwords, use easily guessed passwords, share credentials, or click on malicious links by mistake.
The least secure form of authentication is still the most common. Unfortunately, Australia and New Zealand lag behind the world as decades-old password authentication methods still dominate.
Authentication methods include SMS-based one-time passwords (OTP), authenticator apps, and other forms of multi-factor authentication (MFA). However, many traditional MFA methods are highly vulnerable to phishing and ransomware attacks.
The Global State of Identity Verification for Businesses survey report reveals that one in five New Zealand respondents and over a quarter in Australia trust mobile SMS-based authentication, which is widely used due to the higher risk of phishing Considered the least secure form of MFA.
A one-time password or mobile authenticator app used as the primary source of authentication is better than username/password alone, but not enough to protect digital identities from compromise.
While Australian and New Zealand businesses still have a long way to go to adopt MFA, it is not impossible with the modern anti-phishing MFA solutions available today.
The survey found that workers in Australia and New Zealand were the least likely to use hardware keys to authenticate their business accounts at 15% and 13% respectively.
Office of the Australian Information Commissioner (OAIC) Notifiable Data Breach Reports: Disclosed July-December 2022 There were 497 notifiable data breaches reported between July-December 2022, a 26% increase from the first half of the year.
Notably, 350 breaches were attributed to malicious or criminal attacks, a 41 percent increase from the first half, while 123 notifications were related to human error breaches.
The attacker is not breaking in, but logging in. The recent Optus, Medibank and Latitude Financial cyber-attacks have all helped to raise awareness, importance and value of digital identity and how it can be easily compromised.
Phishing attacks, in which victims reveal sensitive information or download malware, are one of the most common tactics used by cybercriminals, and the tools they use are becoming increasingly sophisticated.
Trusting employees to use common sense or to be extra vigilant is a good start to reducing breaches, but it's not enough to prevent attacks.
Yubico's mission is to make the Internet safer for everyone, and the fastest path to strong, reliable web security lies in anti-phishing MFA.