Report: Credential Attacks Are on the Rise

A new report from HYPR and Cybersecurity Insiders reveals that despite the Zero Trust initiative, many organizations remain exposed to credential attacks due to insufficient multi-factor authentication (MFA) methods and an overall lack of urgency after potential exposure.

In fact, 64 percent of those hacked did not enhance or improve their authentication controls following the attack. The findings also revealed the perpetual cyber risk of remote work continues to drive passwordless adoption amongst organizations on a global scale.

The report, “The 2022 State of Passwordless Security,” includes insights from more than 400 security and information technology professionals. It uncovers the state of conventional and passwordless authentication, key drivers, and barriers to adoption as well as overarching technology preferences, based on data from Cybersecurity Insiders’ 500,000-member community.

A key finding from the report highlighted that 89 percent of survey respondents experienced a phishing attack against their organization in 2021, and more than a third (34 percent) experienced credential stuffing, a 17 percent uptick from the same survey conducted last year.

Responses indicated a 33 percent rise in push attacks, with 12 percent of organizations reporting weaponized push notifications as the method of attack, revealing that remote employees continue to be targeted.

Despite the increasing number of breaches, only 35 percent believe their current authentication solution is fully secure. Additionally:

  • 64 percent of those hacked did not enhance or improve their password-based authentication controls following the attack
  • 65 percent of those that claim to be passwordless continue to employ methods based in secret-sharing, such as SMS or one-time password (OTP)
  • 19 percent are unsure whether their solution is truly “passwordless”

Other key findings include:

  • Traditional MFA is falling short for most organizations – Multi-factor authentication spending and overall adoption are on the rise, following regulatory pressures from global initiatives, specifically the Zero Trust IT security model, but reluctance remains prominent. Nearly half (49 percent) cite poor user experience as a major obstacle for traditional MFA adoption, closely followed by 48 percent stating lack of system interoperability and integration, and cost rounding out the top three with 42 percent.
  • In terms of password-MFA, many deemed the method more of a burden, with a greater impact on overall productivity. For example, 63 percent shared that they were unable to access work-critical information after failing to remember a password.
  • Organizations understand the need to go passwordless – In response to the damaging cyberattacks of 2021, coupled with work from home becoming a permanent option, more organizations are shifting to passwordless MFA. In fact, 25 percent of small-to-medium businesses (SMBs) and 34 percent of enterprises that kickstarted a passwordless initiative in 2021 with HYPR were in the finance and insurance sector. The manufacturing sector was the second-largest adopter at 13 percent.
  • Most respondents (82 percent) believe strengthening their authentication security program is the major driver for passwordless MFA adoption. Contrary to traditional MFA, improved user experience followed as the second most important factor at 67 percent.
  • Meeting regulatory compliance was also notable at 40 percent. Additionally, of those companies that are passwordless:
    • Remote employees are the primary users of passwordless methods (86 percent).
    • Onsite employees follow at 73 percent, demonstrating that many organizations are employing a hybrid work model.
