Despite Increasing Cybersecurity Attacks, People Still Believe Antiquated Username and Passwords Are Strong Enough
Yubico's 2024 Global State of Authentication survey reveals concerning cybersecurity trends. Despite increasing threats, 58% still use username and password for personal accounts, and 54% for work accounts. The survey, conducted across 10 countries, shows that 72% believe AI has made online scams more sophisticated. Alarmingly, 39% think username and password are the most secure method, while 37% trust mobile SMS authentication, both highly vulnerable to phishing. 40% of employees have never received cybersecurity training from their organizations. The study emphasizes the need for a holistic approach to cybersecurity, including stronger authentication methods and consistent employee training to combat evolving cyber threats in both personal and professional settings.
Il sondaggio Global State of Authentication 2024 di Yubico rivela tendenze preoccupanti nella cybersecurity. Nonostante le minacce crescenti, il 58% continua a utilizzare nome utente e password per gli account personali, e il 54% per gli account di lavoro. Il sondaggio, condotto in 10 paesi, mostra che il 72% crede che l'IA abbia reso le truffe online più sofisticate. Allarmante, il 39% pensa che nome utente e password siano il metodo più sicuro, mentre il 37% si fida dell'autenticazione tramite SMS mobile, entrambi altamente vulnerabili al phishing. Il 40% dei dipendenti non ha mai ricevuto formazione sulla cybersecurity dalle proprie organizzazioni. Lo studio sottolinea la necessità di un approccio olistico alla cybersecurity, che includa metodi di autenticazione più robusti e una formazione continua dei dipendenti per combattere le minacce informatiche in evoluzione sia in ambito personale che professionale.
La encuesta Global State of Authentication 2024 de Yubico revela tendencias preocupantes en ciberseguridad. A pesar de las amenazas crecientes, el 58% todavía utiliza nombre de usuario y contraseña para cuentas personales, y el 54% para cuentas laborales. La encuesta, realizada en 10 países, muestra que el 72% cree que la IA ha hecho que las estafas en línea sean más sofisticadas. Alarmantemente, el 39% piensa que el nombre de usuario y la contraseña son el método más seguro, mientras que el 37% confía en la autenticación por SMS móvil, ambos altamente vulnerables al phishing. El 40% de los empleados nunca ha recibido capacitación en ciberseguridad por parte de sus organizaciones. El estudio enfatiza la necesidad de un enfoque holístico hacia la ciberseguridad, que incluya métodos de autenticación más sólidos y capacitación continua para empleados para combatir las amenazas cibernéticas en evolución tanto en entornos personales como profesionales.
Yubico의 2024년 글로벌 인증 상태 설문조사는 우려스러운 사이버 보안 트렌드를 드러냅니다. 증가하는 위협에도 불구하고, 58%는 여전히 개인 계정에 사용자 이름과 비밀번호를 사용합니다, 54%는 업무 계정에 사용합니다. 10개국에서 실시된 이 설문조사는 72%가 인공지능(AI)이 온라인 사기를 더 정교하게 만들었다고 믿습니다. 놀랍게도 39%는 사용자 이름과 비밀번호가 가장 안전한 방법이라고 생각합니다, 37%는 모바일 SMS 인증을 신뢰합니다, 둘 다 피싱에 매우 취약합니다. 40%의 직원은 조직으로부터 사이버 보안 교육을 받은 적이 없습니다. 이 연구는 개인과 직장 환경 모두에서 발전하는 사이버 위협에 대응하기 위해 강력한 인증 방법과 일관된 직원 교육이 필요하다고 강조합니다.
L'enquête Global State of Authentication 2024 de Yubico révèle des tendances inquiétantes en matière de cybersécurité. Malgré des menaces croissantes, 58% utilisent encore un nom d'utilisateur et un mot de passe pour leurs comptes personnels, et 54% pour leurs comptes professionnels. L'enquête, réalisée dans 10 pays, montre que 72% estiment que l'IA a rendu les escroqueries en ligne plus sophistiquées. Inquiétant, 39% pensent que le nom d'utilisateur et le mot de passe sont la méthode la plus sûre, tandis que 37% font confiance à l'authentification par SMS mobile, tous deux très vulnérables au phishing. 40% des employés n'ont jamais reçu de formation sur la cybersécurité de la part de leurs organisations. L'étude souligne la nécessité d'une approche holistique de la cybersécurité, incluant des méthodes d'authentification plus solides et une formation continue des employés pour lutter contre l'évolution des menaces cybernétiques tant dans les contextes personnels que professionnels.
Die Umfrage Global State of Authentication 2024 von Yubico zeigt besorgniserregende Trends in der Cybersicherheit. Trotz steigender Bedrohungen nutzen 58% weiterhin Benutzername und Passwort für persönliche Konten, und 54% für Arbeitskonten. Die Umfrage, die in 10 Ländern durchgeführt wurde, zeigt, dass 72% der Meinung sind, dass KI Online-Betrügereien ausgeklügelter gemacht hat. Alarmierend ist, dass 39% denken, Benutzername und Passwort seien die sicherste Methode, während 37% der mobilen SMS-Authentifizierung vertrauen, die beide stark phishinganfällig sind. 40% der Mitarbeiter haben nie Schulungen zur Cybersicherheit von ihren Organisationen erhalten. Die Studie betont die Notwendigkeit eines ganzheitlichen Ansatzes für die Cybersicherheit, zu dem stärkere Authentifizierungsmethoden und kontinuierliche Schulungen der Mitarbeiter gehören, um sich gegen die sich weiterentwickelnden Cyberbedrohungen in persönlichen und beruflichen Kontexten zu wappnen.
- Global survey conducted across 10 countries, providing comprehensive insights
- Increased awareness of AI's impact on cybersecurity threats
- Identification of critical gaps in cybersecurity practices and awareness
- 58% still use insecure username and password for personal accounts
- 54% use vulnerable username and password for work accounts
- 39% incorrectly believe username and password are the most secure method
- 40% of employees have never received cybersecurity training from their organizations
- 22% have never conducted a personal cybersecurity audit
- 40% doubt or are unsure if online services adequately protect their data
Results from a new study by Yubico show the need for education and taking a more holistic approach to cybersecurity at both work and home
Conducted by Talker Research, the survey polled 20,000 people from around the world, including
The results of the survey uncovered concerning patterns and behaviors when it comes to personal and workplace cybersecurity, including the extensive underutilization of multi-factor authentication (MFA) and a generally reactive approach to addressing cyber threats. Key global findings include:
-
Despite being the least secure form of authentication, the most common method of authentication is username and password.
-
58% use username and password to login to personal accounts -
54% use username and password to login to work accounts
-
-
With the rapid advancements of artificial intelligence, respondents said that online scams and phishing attacks have become more sophisticated (
72% ) and successful (66% ).
-
Respondents show a lack of awareness of best practices for authentication
-
39% think username and password are the most secure and37% think mobile SMS based authentication is the most secure, both of which are highly susceptible to phishing attacks.
-
-
40% don’t think or aren’t sure if the online apps and services they are using are doing enough from a security standpoint to protect their data, accounts and personal information. Even with this uncertainty,22% have never done a personal cybersecurity audit (e.g., removing personal data from the internet, installing or updating cybersecurity software on their devices, changing compromised passwords, etc.) to better protect themselves online.
-
Respondents report the most commonly compromised passwords are on the apps and services that hold their most confidential, financial and personal information. These include:
-
Social media account –
44% -
Payment app –
24% -
Online retailer account –
21% -
Messaging app –
17% -
Banking app –
13%
-
Social media account –
-
For employees, even with security breaches increasing every year,
40% of respondents have never received cybersecurity training from the organization they work for and only a small fraction (27% ) believe the security options that their organization has in place are very secure.
-
When looking at the security aspect of onboarding employees, over 1/3 (
34% ) of respondents said they did not receive instructions to secure their work accounts with more than just a username and password when they first started at the company they work for.
-
Despite the fact that every employee in an organization is a potential target,
41% said security measures and requirements differ based on role and title at their company, leaving room for bad actors to infiltrate within several levels of an organization.
“The findings highlight the need for a holistic cybersecurity strategy that encompasses both home and work environments,” said Derek Hanson, vice president standards and alliances at Yubico. “This includes adopting stronger authentication methods to become phishing-resistant, fostering a culture of security awareness through consistent employee training, and more. Ultimately, building a unified front against cyber threats requires a concerted effort to bridge the gap between perceived and actual security. By integrating advanced security measures into all aspects of our digital lives, we can better protect ourselves, our data, and our organizations.”
Cybersecurity breaches and phishing schemes aren't solely a worry for IT departments or tech-savvy individuals; they also pose serious risks to the general public, especially in the era of Artificial Intelligence (AI). As cyber attacks and online scams become increasingly sophisticated, it is more important than ever for everyone to stay vigilant in both their personal and professional lives.
“When individuals fail to secure their personal accounts, they also put their workplaces at risk. This is why it’s crucial for enterprises to adopt a holistic approach to cybersecurity that considers the security of both work and personal environments,” Hanson continued.
For the full results of the survey, including recommendations for solutions, you can download an overview of the report here, the associated infographic here and our blog post here. For more information on Yubico, visit www.yubico.com.
About Yubico
Yubico (Nasdaq First North Growth Market Stockholm: YUBICO), the inventor of the YubiKey, offers the gold standard for phishing-resistant multi-factor authentication (MFA), stopping account takeovers in their tracks and making secure login easy and available for everyone. Since the company was founded in 2007, it has been a leader in setting global standards for secure access to computers, mobile devices, servers, browsers, and internet accounts. Yubico is a creator and core contributor to the FIDO2, WebAuthn, and FIDO Universal 2nd Factor (U2F) open authentication standards, and is a pioneer in delivering modern, hardware-based passkey authentication security at scale to customers in over 160 countries.
Yubico’s solutions enable passwordless logins using the most secure form of passkey technology. YubiKeys work out-of-the-box across hundreds of consumer and enterprise applications and services, delivering strong security with a fast and easy experience.
As part of its mission to make the internet more secure for everyone, Yubico donates YubiKeys to organizations helping at-risk individuals through the philanthropic initiative, Secure it Forward. The company is headquartered in
*This survey polled 2,000 employed adults from each of the following countries:
View source version on businesswire.com: https://www.businesswire.com/news/home/20240924303084/en/
Yubico Communications Team
press@yubico.com
Source: Yubico
FAQ
What are the key findings of Yubico's 2024 Global State of Authentication survey?
How many countries were included in Yubico's 2024 Global State of Authentication survey?
What percentage of respondents believe username and password are the most secure authentication method?
What percentage of employees have never received cybersecurity training from their organizations?