• Hackers don’t break in. They log in.

    90% of all internet breaches are due to stolen login credentials. Are you and your organization secure? 

    Cyber crime is surging like never before…

    Rise in cyber crime since the pandemic began.1
    Of companies have had a security breach in the last year.2
    Cyber attacks begin with a phishing email.3

    Most cyber attacks begin as phishing

    Phishing is a cybercrime where attackers induce people to reveal sensitive information, such as account numbers, login credentials, and passwords.

    1. User receives message containing “real” information

    Target receives email seemingly from a real person or reputable business

    2. Target tricked into sharing login details on fake website

    The design and URL of the fake website will seem identical to a genuine site

    3. Cybercriminals are now able to enter the real website

    Hackers can now commit fraud or blackmail the user into paying a ransom

    The consequences of a phishing attack are devastating

    Once hackers have successfully logged in, there are many ways they can damage your organization. Company secrets and private data can be leaked, or even sold online. Hackers can use this data, or the threat of paralyzing crucial business systems, to demand costly ransoms. They may even stay undetected for months or years, slowly gathering sensitive information. 

    Suffering a hack can severely impact an organization’s bottom line. In 2022, the cost of an average data breach rose to a record-breaking $4.35 million (IBM).

    Experienced reputational damage
    Suffered loss of income
    Saw increased employee turnover

    Old habits die hard – the security and usability tradeoff persists

    The notion of a tradeoff between security and usability is not new in cybersecurity and has been particularly evident in authentication. S&P Global Market Intelligence’s With Security Breaches Mounting, Now Is the Time To Move From Legacy MFA to Modern, Phishing-Resistant MFA shows that, despite the fact that 59% of respondents have been subject to a cyber attack in the past year, 91% still rely on the least secure authentication form factors most frequently, with username and passwords topping the list. Conversely, the most secure form factors, such as hardware-based USB security keys, biometrics, passwordless MFA, and smart cards are the least deployed. Worldwide, 3 billion phishing emails are sent every single day (Forbes). As phishing emails become more professional and harder to detect, it becomes just a matter of time until employees are fooled.

    “It doesn’t matter how strong your firewalls are if a user gives out their credentials to a phishing attack. All it takes is for someone to be tired and make one bad decision. They may have all the anti-phishing training in the world. Everyone’s human.”

    Shaun Tosler, Infrastructure Manager for Phoenix, an IT reseller serving the UK public sector

    It’s no surprise that over 90% of breaches are caused by human error (World Economic Forum). An employee likely won’t realise they’ve made a mistake.

    On average, it takes 212 days for an attack to be detected (IBM) and in many cases an organization may never realize they were the victim of a phishing attack.

    Stopping phishing attacks requires MFA. But not all MFA is created equal.

    The good news is, phishing can be stopped. All it takes is Multi-Factor Authentication (MFA). The most common forms of MFA use mobile authentication, such as One-Time-Password apps or SMS codes. However, research by Google, NYU, and UCSD based on 350,000 real-world hijacking attempts proved that these are not very effective in preventing account takeovers and targeted attacks. The problem is that mobile authentication itself is vulnerable to phishing attacks.

    True protection requires phishing-resistant MFA

    Hardware security keys deliver true protection for phishing-resistant MFA. The YubiKey is proven to stop over 99% of account takeovers.

    The world’s leading companies protect their account with security keys

    “We have had no reported or confirmed account takeovers since implementing security keys at Google.”

    “Protecting against remote attackers is a constant challenge, because once they gain access, they can move laterally through the organization to get the data they want.”

    “Any form of MFA is better than just a username and password, but most MFA can still be phished… We needed stronger authentication for all employees that couldn’t be phished.”

    S&P Global Market Intelligence research: old habits die hard

    Only 46% of respondents protect their enterprise applications with MFA. How about you?

    Have any questions?

    We’re here to help. Contact Sales to become more secure today.

    1. FBI

    2. 451 report

    3. Deloitte