It seems that many organizations aren't up to code when it comes to password hygiene and using authentication to safeguard themselves from the ever-present threat of phishing attacks.
What's perhaps worse is that they think they are doing a good job, with 88% of IT professionals claiming that their company is prepared for password-based cyberattacks. However, the majority also conceded to falling victim to one.
This is according to a new report from Axiad, which surveyed over 200 IT professionals across the US from various sectors, including finance, government, retail, manufacturing, healthcare, and more.
Rise of phishing
The respondents also feared phishing the most (39%) out of any cyberattack, with nearly half believing such an attack is the most likely kind to occur.
Despite these concerns around passwords, Axiad found that 93% of businesses are still using them, with most reluctant to use alternatives out of a fear of change (64%). Other concerns included the potential need to replace technology in order to move away from passwords (54%), lack of time (51%) and staff (25%).
In terms of apportioning blame for passwords being exploited, the answers were varied. 35% blamed IT staff, 32% end users, 25% security teams, and 8% leadership.
When asked what technologies they plan to use over the next year, the top answer from respondents was passwordless technology (45%), and 27% also said they would use multi-factor authentication (MFA).
It also appears that the guidance from the Cybersecurity and Infrastructure Agency (CISA) was the most impactful (42%) on their authentication strategy, followed by the National Institute of Standards and Technology (NIST) (26%) and the White House Office of Management and Budget (OMB) (13%).
Bassam Al-Khalidi, co-CEO of Axiad, commented, "the survey results are alarming because, despite the rising number of these cyberattacks, most companies are still stuck in the status quo of using passwords as their primary method of authentication."
He also said that "generative AI has significantly lowered the entry barrier for cybercriminals to craft highly effective phishing emails," which makes matters worse when bad password practices are also at play, and explains why "attacks continues to skyrocket."
Al-Khalidi believes that "the most effective thing they can do to bolster their cybersecurity posture is implement passwordless authentication and phishing-resistant MFA.”
