The importance of strong authentication for hybrid and remote working

By Nic Sarginson, Principal Solutions Engineer at Yubico.

With hybrid and remote working practices seemingly here to stay, businesses must ensure that their security strategies can keep up with these new needs. Yubico’s 2021 research into ‘cybersecurity in the work from anywhere era’ found that 42 per cent of workers feel more vulnerable to cyber threats while working from home, along with 39 per cent feeling unsupported by IT, and 62 per cent reported not having completed cybersecurity training for remote work. The report also revealed a degree of overconfidence in spotting phishing attacks, which remains a top cyber risk for organisations.

Growing cyber risks

Phishing continues to grow in volume and sophistication, and is consistently cited as the root cause of over 80 per cent of data breaches. To mitigate this, user authentication needs to be phishing-resistant and built for hybrid working. The primary challenges facing IT departments is to make the process secure, yet simple for remote users.

Much of the difficulty with maintaining effective cybersecurity is ensuring that log in credentials are as secure as possible. Both global organisations and individual online users are too reliant on the use of methods such as passwords. And they do not review these methods frequently enough. Indeed, despite the reliance on passwords, it can be difficult to create and manage passwords that are easy to remember yet complex enough to not be easily compromised. In fact, results from the NCSC’s UK Cyber Survey revealed that 23.2 million global online accounts were breached which had the password as 123456.

One-time passcodes (OTPs) sent by SMS and mobile authentication apps are the most popular forms of two-factor authentication (2FA) in this ‘work from anywhere’ era. While any form of multi-factor authentication (MFA) offers better security than just a username and password combination, they are still vulnerable to phishing, man-in-the-middle (MitM) attacks, SIM swapping and account takeovers. And on the usability side, while keying in an OPT may seem easy, it is a fairly cumbersome additional step that users will soon tire of. There is also the added issue of having to ensure that a mobile device is charged, within signal, and available to be used.

Benefits of strong authentication

If remote devices are not equipped with proper cybersecurity tools, they can easily be used as a point of entry by cybercriminals when connected to the internet. Additionally, using weak or outdated login credentials poses equal risk, as they can be stolen by attackers to gain access into an organisation’s internal networks. Both scenarios can result in devastating reputational, legal, and financial consequences for targeted companies. To mitigate these risks and ensure business continuity, organisations should implement stronger authentication methods, such as hardware security keys, for their remote workforce.

Hardware-based security keys ensure the protection of remote workers by replacing traditional authentication methods with a single portable device that is unique to each individual user. Such keys utilise FIDO2 and WebAuthn open authentication standards to deliver a high level of security, prevent account takeovers, and defend against potential cyberthreats. Security keys which leverage FIDO2 are phishing resistant, pairing such things as origin binding, cryptographic challenges, and user presence checking with a smooth user friendly flow, whilst all kept within a secure portable device.

Major global organisations such as Google, Twitter, Salesforce, and the US Government recognise the effectiveness of strong authentication methods and have begun integrating these practices into their business-wide cybersecurity protocols. Google, in particular, has made 2FA security keys a mandatory requirement for its two million YouTube creators and has auto enrolled an additional 150 million Google users into the programme.

Hardware-based security keys provide strong authentication while also reducing user friction at login, compared with other multi-stage authentication protocols. Security keys that meet FIDO2 and WebAuthn standards help pave the way for interoperability. This evolving modern authentication ecosystem is helping deliver security and usability, while also meeting the need for portability, compatibility, and scale. In this way, strong authentication helps smooth the migration towards passwordless – a migration that makes secure, user-friendly tools the future of authentication.

By Daniel Spicer, Chief Security Officer at Ivanti.
Bridging the Gap between Sustainability and CX By Jay Patel VP & GM, Webex CPaaS
How the tech industry can play its part in reducing carbon emissions Corporate social responsibility is now a business imperative and should be leading the business agenda. Technology companies need to demonstrate that they are taking sustainability and a reduction of their impact on the environment seriously. It’s a huge subject and more and more we are seeing customers demanding to know what we are doing. By Scott Dodds, CEO, Ultima Business Solutions
Sustainability as a primary driver of innovation Innovation can and must play a critical role in helping to simplify the problems and break the trade-offs between economics and sustainability. By Ved Sen, Business Innovation at Tata Consultancy Services
Ring the changes with circular IT procurement It is fair to say that sustainability and environmental responsibility is higher on the agenda for many businesses now than it has been over previous years. Not only is legislation slowly pushing businesses in this direction but the media spotlight, its increased importance to staff, as well as the high priority placed by consumers, means that many businesses are making improvements to their environmental footprint. By Mark Sutherland, director of e-commerce at Stone Group
Why businesses cannot COP-out of responsibility for sustainability action By Michiel Verhoeven, MD SAP UKI
Why digital transformation and green initiatives go hand-in-hand By David Mills, CEO Ricoh Europe