The PRWIRE Press Releases https:// 2021-06-09T00:13:35Z Yubico Research Reveals More Than Three Quarters of Enterprises in the UK, France and Germany Are Undervaluing Two-Factor Authentication 2021-06-09T00:13:35Z yubico-research-reveals-more-than-three-quarters-of-enterprises-in-the-uk-france-and-germany-are-undervaluing-two-factor-authentication Yubico, the leading provider of hardware authentication security keys, today released the results of a comprehensive study into current attitudes and adaptability to at-home corporate cybersecurity, employee training, and support in the current global hybrid working era. The report surveyed 3,006 employees, business owners, and C-suite executives at large organisations (250+ employees), who have worked from home and use work issued devices in the UK, France and Germany.  Findings from the report offer insights into the use of work-issued devices for personal matters, sharing and remembering business passwords, the adoption of two-factor authentication (2FA), and other security measures, coupled with how enterprises are responding.  Data shows that since the start of the pandemic employees have been engaging in poor cybersecurity practices on work-issued devices, with business owners and C-level executives proving to be the worst culprits. At the same time, enterprises are falling short on cybersecurity best practices that need to be implemented for out-of-office environments. Less than a quarter of respondents admit to even implementing 2FA since the start of the pandemic and even then, many are using less secure and less user-friendly forms of 2FA like mobile authentication apps and SMS one-time passcodes. “The research shows that many organisations are still finding their feet in these new, mostly virtual, work environments, and while this flexibility can deliver new opportunities for businesses and employees, they shouldn’t ignore the growing cybersecurity risks that come with it,” said Stina Ehrensvärd, CEO and Founder, Yubico. “Threat actors are finding new and innovative ways to breach corporate defenses which require modern security solutions like the YubiKey. In fact, a user deployment study by Google highlights the remarkable benefits and ROI for YubiKey hardware-based authentication and the standards work we have spearheaded.” Key findings from the survey include: 54% of all employees use the same passwords across multiple work accounts. 22% of respondents still keep track of passwords by writing them down, including 41% of business owners and 32% of C-level executives. 42% of respondents admit to using work-issued devices for personal reasons daily while working from home. Of these, 29% are using work devices for banking and shopping, and 7% admit to watching illegal streaming services. Senior workers are among the biggest offenders, as 44% of business owners and 39% of C-level executives admit to performing personal tasks on work-issued devices every day since working from home, with almost a quarter (23%) of business owners and 15% of C-level respondents using them for illegal streaming/watching TV. A year after the pandemic began and work-from-home policies were implemented, 37% of all employees across all sectors are yet to receive cybersecurity training to work from home, leaving businesses largely exposed to evolving risks. 43% of all employees suggest that cybersecurity isn’t the responsibility of the workforce, with nearly two thirds (60%) believing this should be handled by IT teams. However, data suggests that IT departments are not meeting employee expectations, with just 37% feeling more supported by IT than they did when working onsite with their firm’s cybersecurity team close by. Meanwhile, a supportive top-down security culture is lacking, causing employees to feel increased levels of anxiety or stress when dealing with IT or security problems. 51% often try to solve their own IT problems rather than contacting IT, and 40% who clicked on a suspicious link wouldn’t immediately tell IT. Despite 2FA technology being the best line of defense to protect against account takeovers, only 22% of respondents report their company has introduced it since the pandemic began. Even among organisations who have implemented 2FA, only just above a quarter (27%) are rolling out FIDO-compliant hardware security keys, which offer the most advanced form of phishing protection, while others rely on more vulnerable and outdated solutions, such as mobile authentication apps (54%) and SMS one-time passcodes (47%). Highlights by country:  United Kingdom UK business owners are stricter about their personal use on work devices than their counterparts in Germany and France. In contrast, UK-based employees have become more relaxed: 20% more of them admit to using work-issued devices for personal affairs since working from home. Meanwhile, UK respondents feel less supported by IT than those in Europe – but they’re also the most confident in their own ability to spot phishing attacks, with 80% of all employees indicating they could identify an attempted breach. Key 2021 employee habits include:  73% of business owners and 71% of C-level execs allow third parties to use work devices 42% feel more vulnerable to cyber threats while working from home, with  39% feeling unsupported by IT 62% have not completed cybersecurity training for remote work When having clicked a suspicious link during work, 16% figure it out by themselves while 12% “ask Google” 22% would use the same work email log-in again after a security breach, while 31% would share work email passwords 62% would rather have their work credentials than personal data stolen The main personal activities on work devices are: Article reading 36%; admin 36%; shopping 36%; banking 30%; social media 28%; gaming 15% France A lax attitude to cybersecurity is not exclusive to French employees but some of their actions and beliefs are of concern. 26% of those who hope to continue working remote post-pandemic ignore software and operating system updates for their work-issued devices. These are vital to maintaining a barrier against cyber threats. While 59% of all respondents based in France believe IT should be solely responsible for cybersecurity, 63% believe employees that are working from home should take more ownership. Just 30% of all respondents say they have received security training, and 36% feel they are less supported by IT compared to when working in the office. This is likely prompting the 48% of all employees who attempt to fix IT issues on their own, rather than notifying IT, and this percentage rises to 69% for both business owners and the C-suite. As we have seen, this can be linked to over-confidence about spotting phishing attacks – with 67% of all employees feeling they can identify one. Among new cybersecurity policies which have been implemented since working from home, half of French businesses (50%) require a VPN to access the corporate network, 33% enforce the use of stronger passwords, while 30% request password updates more frequently, and only 19% require 2FA. 57% of French employees consider SSO requirements as being cumbersome or disruptive to their workflow, 54% for 2FA. Key employee habits include:  Everyday personal use of work-issued devices: pre-Covid 41%; post-Covid 53% Main personal use activities on work devices: admin 37%; article reading 35%; banking 27%; gaming 10%; illegal streaming 10% Everyday work use of personal devices: pre-Covid 30%; post-Covid 42%allow third parties to use device: business owner 78%; C-level 70% Feeling more vulnerable to cyber threats since working from home: 40% Feeling unsupported by IT: 36% Completed cybersecurity training for remote work: 30% say yes Remembering work passwords: 23% write them down; 14% use a password manager; 11% save to a document on the device; 11% use the same password for multiple accounts Would use same work log-in again after breach: 23% Share work email passwords: 28% Confident about spotting phishing attempt: 67% Would rather have work credentials than personal data stolen: 75% Germany In Germany, some employees have taken a stricter approach to cybersecurity during the pandemic. While everyday personal use of work-issued devices has risen overall, the proportion of people doing this, who already worked from home pre-pandemic, fell from 42% to 34% – suggesting they are more conscious of the increased risk. As with the overall responses, business owners fall short when it comes to security: a quarter of German based business owners admit to using work devices for illegal streaming. Only 35% say they have received cybersecurity training from their employer. This includes half of all C-level executives, but only a quarter of entry-level employees.  Patching is patchy, too; important updates on work devices are strongly neglected, only 11% on average keep their work devices updated, along with a further 27% of home workers.  Additionally, respondents based in Germany are overly confident in spotting a phishing attempt with 71% of all employees stating they are very or somewhat confident. Key employee habits include:  Everyday personal use of work-issued devices: pre-Covid 21%; post-Covid 30% Main personal use activities on work devices: article reading 48%; social media 40%; admin 34%; banking 31%; shopping 31%; gaming 19% Everyday work use of personal devices: pre-Covid 19%; post-Covid 28% Allow third parties to use device: business owner 90%; C-level 65% Feeling more vulnerable to cyber threats working from home: 36% Feeling unsupported by IT: 32% Completed cybersecurity training for remote work: 35% say yes Immediate reaction to clicking suspicious link during work: 59% tell IT ASAP; 18% “ask Google” Remembering work passwords: 23% write them down; 21% use a password manager; 12% save to document on the device; 8% same password for multiple accounts Would use same work log-in again after breach: 21% Never share work email password: 69%  Confident about spotting phishing attempt: 71% Would rather have work credentials than personal data stolen: 63% Download the complete report here, and for a deeper dive into the findings from this report, sign up for the upcoming Yubico webinar, State of cybersecurity in Europe during the Covid-19 crisis on June 29 at 11 am PST. The research was conducted by independent research company Censuswide, with 3,006 employees at large organisations (250+ employees), who have worked from home at some stage and have work issued devices in the UK, France and Germany between February 19, 2021 and March 3, 2021. Censuswide abide by and employ members of the Market Research Society which is based on the ESOMAR principles. Yubico Expands FIPS 140-2 Product Line with YubiHSM 2 FIPS, the World’s Smallest FIPS Validated Hardware Security Module 2021-05-04T23:40:28Z yubico-expands-fips-140-2-product-line-with-yubihsm-2-fips-the-world-s-smallest-fips-validated-hardware-security-module Yubico, the leading provider of hardware authentication security keys, today announced its latest FIPS 140-2 product offering, and the first of its kind for the company: YubiHSM 2 FIPS. Today’s news comes alongside the YubiKey 5 FIPS Series launch, the company’s most recent security key line to receive FIPS 140-2 validation.  The YubiHSM 2 launched in 2017, but this marks the first FIPS-validated version of the product. The YubiHSM 2 FIPS is certified at FIPS 140-2, Level 3. With the added availability of YubiHSM 2 FIPS, organisations in highly-regulated industries such as government, financial services, healthcare, and energy now have the opportunity to reap the same security benefits that many other YubiHSM users have. This includes advanced protection for certificate authority (CA) keys, database master keys, code signing, authentication/access tokens, manufacturing processes and component authenticity checks, IoT gateways or proxies, file encryption, cryptocurrency exchanges, and more.  “The YubiHSM 2 FIPS is an exciting addition to our recently updated FIPS-validated product line,” said Suresh Thiru, Chief Product Officer, Yubico. “Our high-risk customers are now equipped with a full product suite that helps them not only achieve and maintain compliance, but also advance their security posture across the entire organisation. From protecting servers to users, regardless of their location, Yubico is the partner who strives to do it all.”  Primary benefits of the YubiHSM 2 FIPS include:  Secure hardware protection for cryptographic keys — The YubiHSM 2 FIPS enables secure key storage and operations on tamper-resistant hardware, with audit logging. This prevents accidental copying and distribution of keys, and remote theft of cryptographic software keys. Extensive cryptographic capabilities include: hashing, key wrapping, asymmetric signing, decryption, attestation and more.  Innovative design for flexible use and simple deployment — Traditional rack-mounted and card-based HSMs are not practical for many organisations due to their size and deployment complexity. The YubiHSM 2 FIPS offers a portable ‘nano’ form factor that allows fast and flexible deployment across diverse environments. It fits easily into a USB-A slot, lying almost flush to remain concealed.  Low-cost, high security ROI — The YubiHSM 2 FIPS delivers government-grade high cryptographic security and operations at a price point that is up to 90% cheaper than traditional HSMs. Additionally, low-power usage reduces business energy consumption.  Along with the rest of Yubico’s FIPS product lineup, YubiHSM 2 FIPS is manufactured using stringent processes and a secure supply chain for trustworthy components, ensuring strong security and regulatory compliance for the most security-conscious organisations. For more information on YubiHSM 2 FIPS, please visit the Yubico website. It is also available for purchase on the Yubico store, through Yubico’s dedicated sales team, or from any Yubico-approved channel partners and resellers.  New Study by Yubico and 451 Research reveals nearly 75% of Enterprise Security and Risk Managers Plan to Increase Multi-Factor Authentication Spending 2021-04-27T23:33:03Z new-study-by-yubico-and-451-research-reveals-nearly-75-of-enterprise-security-and-risk-managers-plan-to-increase-multi-factor-authentication-spending Yubico, the leading provider of hardware authentication security keys, today announced the results of a new research study, Work-from-Home Policies Driving MFA Adoption, But Still Work to be Done, conducted in partnership with 451 Research across North America. The report analyses preferences and adoption trends with respect to multi-factor authentication (MFA) in the enterprise and ultimately reveals that while MFA adoption and spending is on the rise, organisations are still unclear on best practices and methodologies. The findings show that MFA adoption and spending has increased within the enterprise due to a confluence of several factors: the growing recognition that stolen credentials and phishing attacks are at the root of most security breaches; the rise of work-from-home (WFH) policies due to the COVID-19 pandemic; and the adoption of modern authentication standards such as Fast Identity Online (FIDO) U2F, FIDO2 and WebAuthn that underpin new advances in two-factor (2FA) and passwordless authentication. However, the research also highlights a variety of barriers to more widespread MFA usage such as inconvenience, complexity, and cost. Furthermore, many enterprises remain largely unaware of the security defects found within more common mobile MFA form factors such as SMS-based authentication, which has been widely deprecated for years. “The pandemic and the move to cloud-based office applications has been a turning point for enterprises to implement and modernise their multi-factor authentication,” said Stina Ehrensvärd, CEO and Founder, Yubico. “What this research shows is that while there is an appetite for strong security with an elegant user experience, many companies stick with less effective old habits and technologies. A user deployment study by Google was the first to highlight the remarkable benefits and return on investment of YubiKeys and security keys. This new research is a great further validation of the authentication technology Yubico invented and the standards work we have spearheaded.” Key findings from the survey include: ●       MFA spending trends are encouraging with nearly three out of four respondents (74%) planning to increase spending on MFA. It was the top security technology to be adopted due to COVID-19 and the subsequent migration to WFH (49%).  ●       Over half (53%) of all respondents have experienced a security incident or breach in the past year and MFA was among the top three security technologies adopted as a response to a security breach. ●       Increased security is the number one reason enterprises are adopting MFA, with 57% of respondents reporting as much. User experience (43%), complexity (41%), and cost (36%) are still the main obstacles to MFA adoption, which comes as no surprise. These challenges have long been common complaints about MFA, even though modern authentication technologies such as biometrics and security keys have been proven to provide better security and usability than legacy MFA technologies.  ●       Despite the increase in security vulnerabilities for mobile and SMS-based MFA, mobile OTP authenticators (58%), mobile push-based MFA (48%), and SMS-based MFA (41%) are among the most popular MFA form factors other than passwords. This reveals that enterprises may still perceive mobile MFA as being more user-friendly and accessible than other MFA options and are prioritising user experience over security benefits despite reporting otherwise.  ●       Many organisations still rely heavily on SMS-based authentication, but only 22% perceive security of this form factor as an issue despite growing evidence of breaches and attacks exploiting mobile or SMS-based authentication methods. ●       Enterprises are stopping at privileged users when it comes to usage of MFA but time and time again breaches are showing that lower-level employees can leave an organisation vulnerable by being a 'way in' for adversaries. The research shows that privileged users and third parties (contractors, consultants, partners) are the most likely to use MFA, while end customers are the least likely. ●       FIDO2 and passwordless authentication are gaining momentum as ways to address traditional MFA pain points as more than half of the organisations surveyed (61%) have either deployed or have passwordless authentication in pilot (34% of respondents have already deployed passwordless technology, 27% in pilot). About the Study In November 2020, 451 Research conducted an online survey of organisations that have implemented two-factor or multi-factor authentication across North America. The survey targeted 200 executive management, senior IT management, mid-level management, senior security and risk staff, and senior risk staff in verticals such as technology, financial services, education, professional services, retail and the government sector. In addition, the survey captured data from respondents representing companies with 1-10,000+ full-time employees. Download the complete report here, and for a deep dive into the findings from this report, sign up for the upcoming Yubico webinar, Remote Work During COVID-19 Drives MFA Adoption, on May 18 at 10 am PT. Yubico Delivers New Security Key to Defend Against Hackers in the Age of Modern Work, the YubiKey 5C NFC 2020-09-09T23:29:04Z yubico-delivers-new-security-key-to-defend-against-hackers-in-the-age-of-modern-work-the-yubikey-5c-nfc Yubico, the leading provider of hardware authentication security keys, today announced the general availability of the YubiKey 5C NFC, the world’s first multi-protocol security key with smart card support, designed with both near-field communication (NFC) and USB-C connections on a single device. The YubiKey 5C NFC is the latest addition to the YubiKey 5 Series product line, and is available to purchase today at yubico.com for $55 USD. The YubiKey 5C NFC comes at a time when the need for simple, yet strong authentication is on the rise globally. COVID-related phishing attacks continue to surge in the context of remote work, and millions of corporate-owned devices are now shared with families and home networks, making it critical for companies to secure users from any location and machine. Meanwhile, the increasing overlap of personal and work responsibilities demands solutions that are easy to use and non-prohibitive for end users. “The way that people work and go online is vastly different today than it was a few years ago, and especially within the last several months,” said Guido Appenzeller, Chief Product Officer, Yubico. “Users are no longer tied to just one device or service, nor do they want to be. That’s why the YubiKey 5C NFC is one of our most sought-after security keys — it’s compatible with a majority of modern-day computers and mobile phones and works well across a range of legacy and modern applications. At the end of the day, our customers crave security that ‘just works’ no matter what.” Unlike mobile-based authentication offerings, security keys — like the YubiKey — offer the strongest defense against phishing and man-in-the-middle attacks, paired with a seamless user experience. With one simple tap or touch, the YubiKey 5C NFC can be used to authenticate across all leading platforms — iOS, Android, Windows, macOS and Linux — and on any mobile device, laptop, or desktop computer that supports USB-C ports or NFC. YubiKey authentication can be up to four times faster than logging in with a one-time passcode. Similar to other form factors in the YubiKey 5 Series, the YubiKey 5C NFC supports multiple authentication protocols including: FIDO2 and WebAuthn, FIDO U2F, PIV (smart card), OATH-HOTP and OATH-TOTP (hash-based and time-based one-time passwords), OpenPGP, YubiOTP, and challenge-response. This robust multi-protocol support enables one key to work across a wide range of services and applications ranging from email clients, identity access management (IAM) solutions, VPN providers, password managers, social media platforms, collaboration tools, and many more. For enterprises, the flexibility of the YubiKey 5C NFC makes it simple to deploy and eliminates the need for costly custom integrations or separate authentication devices for each system. Now, with the recent availability of Yubico’s YubiEnterprise Service offerings, YubiEnterprise Subscription and YubiEnterprise Delivery, organizations can quickly and cost-effectively deploy YubiKey authentication at scale, regardless of employee locations. IT administrators can easily upgrade to the latest YubiKey form factors, including the new YubiKey 5C NFC, and ship them directly to their employees’ front door steps. For more information about the YubiKey 5C NFC, visit the Yubico store. To add support for hardware-backed two-factor authentication (2FA) with the YubiKey, visit the Yubico Developer site. In addition to purchasing YubiKeys from our online store, you can purchase the YubiKey 5C NFC through any of our authorised resellers/distributors around the world.