Exclusive: Yubico finds majority still using outdated methods to secure data
Yubico's latest global survey has revealed alarming statistics about how many people continue to rely on insecure usernames and passwords despite rising cyber threats.
Yubico has unveiled the results of its latest global authentication survey, and the findings are nothing but stark.
According to Geoff Schomburgk, Regional Vice President for Asia Pacific and Japan at Yubico, the survey shows that despite increasing cybersecurity attacks, a large percentage of people still trust outdated security methods.
"39% of respondents still think a username and password is good enough, and that's really scary," he said.
The survey, which included responses from over 20,000 individuals across 10 countries, highlights that a significant 58% of respondents still use just a username and password for personal accounts.
When it comes to work accounts, the figure isn't much better, sitting at 54%. Schomburgk explained that this reliance on insecure methods indicates a general lack of awareness about best practices in authentication.
"There's still a long way to go when it comes to uplifting people's security," he told TechDay.
One of the most concerning trends Yubico identified is the rise of phishing attacks, particularly in regions previously insulated due to language barriers. Schomburgk pointed out that artificial intelligence (AI) has played a key role in increasing the sophistication of these attacks. "In Japan, phishing was less common because of the language barrier," he explained, "but AI makes it super easy to overcome that. We've seen a significant uplift in phishing attacks in Japan." He went on to share that 72% of respondents from the survey had noticed phishing scams becoming more sophisticated due to AI, and 66% acknowledged that these scams were also becoming more successful.
In Schomburgk's view, AI is not only making phishing attacks more prevalent but also more convincing.
"Phishing as a business is growing," he said. The result is that more people are being successfully targeted, prompting a need for greater adoption of multifactor authentication (MFA) solutions, particularly those that are phishing-resistant.
Phishing-resistant MFA, such as Yubico's YubiKey and passwordless options like passkeys, was highlighted throughout the survey as a key way for users and businesses to protect themselves. Despite the availability of these tools from major tech companies such as Microsoft, Apple, Google, and Facebook, the survey results reveal that 39% of respondents still believe that username and password combinations are secure.
Schomburgk praised initiatives in some countries to promote stronger cybersecurity practices, such as Australia's Essential Eight strategies. "We're really encouraged by the activities from our government here in Australia, particularly the Australian Signals Directorate, which is encouraging the use of phishing-resistant MFA," he said. However, he also emphasised that there's still a lot of work to be done globally, citing countries like India and Malaysia that are just beginning to take action in this area.
The survey also revealed widespread uncertainty among users about whether the apps and services they use are doing enough to protect them from cyber threats. A significant 40% of respondents said they were not confident that the security features provided by their apps were sufficient.
"There's a high degree of uncertainty there, and from that, I think it's safe to assume that people feel like they've got to do it themselves," he explained.
Yubico's survey also sheds light on the cybersecurity landscape in businesses, with results showing that 40% of respondents had never received cybersecurity training from their employers.
Schomburgk stressed that only 27% of respondents felt their organisation's security measures were sufficient, indicating that many companies still have a long way to go when it comes to protecting their employees and data.
A particularly concerning statistic was the finding that 34% of respondents did not receive any training or guidance on how to secure their work accounts during onboarding. Schomburgk sees this as a major missed opportunity for companies.
"When you're bringing an employee into the business for the first time, that's the ideal opportunity to get cybersecurity right," he explained.
While the findings show that there's still significant progress to be made, Schomburgk remains optimistic about the future of cybersecurity. He emphasised the importance of personal responsibility in enhancing one's own security, saying, "People need to take action by doing things like regularly updating software, changing passwords, and moving towards phishing-resistant MFA when it's available."
Yubico is also advocating for what Schomburgk calls a "phishing-resistant user" approach, where individuals apply the same cybersecurity best practices at home as they do at work.
This approach, he explained, not only improves individual security but also helps businesses by fostering a culture where employees are more security-conscious.
"If you've got people that are educated and using this technology in their Facebook, Instagram, frequent flyers, whatever, they bring it to the workplace," he said.
The survey also highlighted the areas most vulnerable to cyberattacks, with social media, payment applications, and online shopping platforms topping the list.
"Not surprisingly, where there's personal or financial information at stake, that's where the targets are," said Schomburgk.
Specifically, 44% of respondents had experienced cyberattacks on their social media accounts, while 24% had seen attacks on their payment apps, and 21% had been targeted through online shopping platforms.
Looking ahead, Schomburgk believes that both individuals and organisations can take immediate steps to reduce their vulnerability to cyber risks.
"Phishing-resistant MFA is the way forward. Adopt that wherever you can, in all aspects of your digital world," he advised. His ultimate vision is aligned with Yubico's mission: to make the internet a safer place for everyone.
"We're on that journey to make the internet safer, and we're making great progress. But there's still a lot more to be done."