Many firms still aren't using good passwords or authentication - and they're paying the price


It seems that many organizations aren't up to code when it comes to password hygiene and using authentication to safeguard themselves from the ever-present threat of phishing attacks.

What's perhaps worse is that they think they are doing a good job, with 88% of IT professionals claiming that their company is prepared for password-based cyberattacks. However, the majority also admitted to having fallen victim to one.

This is according to a new report from Axiad, which surveyed over 200 IT professionals across the US from various sectors, including finance, government, retail, manufacturing, healthcare, and more.

Rise of phishing

Respondents also feared phishing more than any other cyberattack (39%), with nearly half believing such an attack is the most likely kind to occur.

Despite these concerns around passwords, Axiad found that 93% of businesses are still using them, with most reluctant to use alternatives out of a fear of change (64%). Other concerns included the potential need to replace technology in order to move away from passwords (54%), lack of time (51%) and staff (25%).

In terms of apportioning blame for passwords being exploited, the answers were varied. 35% blamed IT staff, 32% end users, 25% security teams, and 8% leadership. 

When asked what technologies they plan to use over the next year, the top answer from respondents was passwordless technology (45%), and 27% also said they would use multi-factor authentication (MFA). 

It also appears that guidance from the Cybersecurity and Infrastructure Security Agency (CISA) had the most impact (42%) on their authentication strategy, followed by the National Institute of Standards and Technology (NIST) (26%) and the White House Office of Management and Budget (OMB) (13%).

Bassam Al-Khalidi, co-CEO of Axiad, commented, "the survey results are alarming because, despite the rising number of these cyberattacks, most companies are still stuck in the status quo of using passwords as their primary method of authentication."

He also said that "generative AI has significantly lowered the entry barrier for cybercriminals to craft highly effective phishing emails," which makes matters worse when bad password practices are also at play, and explains why "attacks continue to skyrocket."

Al-Khalidi believes that "the most effective thing they can do to bolster their cybersecurity posture is implement passwordless authentication and phishing-resistant MFA."

Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.