Strong authentication best defence against Ransomware: Yubico
With cyber-attacks on the rise, organisations worldwide face an increasing threat from ransomware attacks, which could be better managed if strong authentication best practices are adopted, according to Yubico, the provider of hardware authentication security keys.
The Latest 2023 Ransomware Statistics (July 2023) update from AAG stated ransomware accounted for around 20% of all cyber crimes in 2022, with 236.1 million ransomware attacks taking place worldwide in the first half of 2022.
Moreover, IBM’s recent Cost of a Data Breach Report 2023 found the global average cost of a data breach in 2023 was US$4.45 million, representing a 15% increase over the past three years.
Ransomware attacks are a severe and pervasive problem that can strike any organisation, often resulting from stolen login credentials via phishing to access sensitive data.
Notable companies across various industries have fallen victim to such attacks, including the high-profile Latitude Financial and Medibank incidents in Australia, which affected millions of customers.
Knowing how easy and lucrative these attacks can be, cybercriminals are now looking to leverage new ransomware-as-a-service (RaaS) models for profit-sharing in exchange for ransomware tools. As ransomware continues to be a prevalent threat, organisations must prioritise strong, phishing-resistant multifactor authentication (MFA) as a critical defence mechanism.
Geoff Schomburgk, regional vice president for Asia Pacific and Japan (APJ) at Yubico, says because the most common entry point for ransomware is phishing, it's important for businesses to be proactive in safeguarding their digital identities and prevent attacks by putting the right tools in place. "When it comes to ransomware, it's not a question of if your organisation will be targeted, but when. To safeguard digital identities and enhance breach prevention, equipping employees with phishing-resistant authentication methods is essential."
Yubico's recent State of Global Enterprise Authentication Survey revealed alarming statistics regarding the prevalence of phishing tactics and insecure authentication practices. More people in Australia and New Zealand rely on usernames and passwords as their primary means of authentication (65% of Australian and 63% of New Zealand employees), exceeding the global average of 59%.
The Yubico Survey also revealed that 70% of employees in New Zealand and 78% of employees in Australia reported experiencing a cyberattack in their personal lives over the past year. Meanwhile, 60% of respondents faced cyberattacks at their workplace in the last 12 months.
The survey highlighted the troubling risks and high likelihood of damage associated with cyber-attack exposure. Among the respondents, 35% experienced reputational damage and suffered damage to profits. Additionally, 17% reported losing employees due to cyberattacks, and 20% had their operations suspended, further emphasising the severity of the issue.
"The shortcut to strong, reliable cybersecurity lies in adopting phishing-resistant MFA. Hardware authentication keys, like YubiKeys, are considered the gold standard for phishing-resistant MFA. Unfortunately, our survey found that employees in Australia and New Zealand were among the least likely to use hardware keys to authenticate their business accounts, indicating many companies are more vulnerable to an attack," adds Schomburgk.
Organisations need to implement a robust ransomware mitigation plan and a well-prepared ransomware incident response procedure to combat ransomware effectively. Strong authentication, such as hardware security keys aligned with FIDO2 protocols, plays a crucial role in enhancing cybersecurity by removing the reliance on passwords and mobile devices, significantly reducing the risk of a cyberattack.
"By rethinking their cybersecurity approach and prioritising phishing-resistant authentication methods, organisations can enhance their security posture and protect against the ever-growing threat of ransomware attacks,” concludes Schomburgk.