ChannelLife Australia - Industry insider news for technology resellers

Australian firms move to passkeys as cyber threats bypass MFA

Thu, 17th Apr 2025

Australian organisations are being prompted to move beyond traditional Multi-Factor Authentication (MFA) strategies as cyber threats continue to bypass existing security measures.

Recent developments in cybercrime have exposed various vulnerabilities in legacy MFA systems. Attackers are increasingly using techniques such as MFA fatigue attacks, where users receive repeated authentication requests that can result in approval of malicious access due to sheer persistence, as well as phishing and social engineering efforts aimed at tricking users into providing authentication details. Other threats involve token theft and session hijacking, allowing cybercriminals to gain access without triggering further MFA prompts.

The heightened risk in Australia is underscored by data from official sources. The Australian Signals Directorate (ASD) recorded more than 1,100 cybersecurity incidents in the 2023–24 financial year. During the same period, nearly 87,400 cybercrime reports were made nationally, amounting to roughly one incident every six minutes. Eleven percent of reported incidents involved ransomware, which reflects a three percent rise compared to the previous year's figures.

The Office of the Australian Information Commissioner (OAIC) also noted a substantial impact, stating that 38% of all data breaches in the first half of 2024 were attributable to cybersecurity incidents. Of these, 57% were categorised as malicious or criminal attacks.

Business Email Compromise (BEC) is another growing concern. A CyberCX report from 2024 highlighted that 75% of BEC attacks in Australia now involve phishing kits capable of session hijacking, a significant increase from only 10% in 2022. This shift further demonstrates the shortcomings of static authentication methods and the urgency for enhanced, identity-first security strategies.

As the threat landscape evolves, passwordless authentication, particularly the adoption of passkeys, is emerging as a key solution to mitigate these risks. Passkeys utilise public-key cryptography and eliminate the need for traditional passwords, thereby reducing the potential for phishing and credential theft. Major technology providers such as Google, Apple, and Microsoft are now integrating passkey support into their platforms, reflecting a broader industry migration toward passwordless security.
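The following Node.js sketch is an added example, not code from the article or from any vendor it names. It models in simplified form (not the full WebAuthn protocol) why a public-key sign-in resists the phishing and relay techniques described above: the server checks a signature over a fresh challenge and over the origin the browser was actually on. The origins and function names are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const RP_ORIGIN = 'https://login.example.org'; // constructed relying-party origin

// Registration: the authenticator keeps the private key; the server stores only the public key.
function registerPasskey() {
  return nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
}

// Server side: a fresh random challenge for every sign-in attempt.
function newChallenge() {
  return nodeCrypto.randomBytes(32).toString('base64url');
}

// Browser + authenticator: the browser, not the page, fills in the origin it is actually on.
function signAssertion(privateKey, challenge, origin) {
  const clientData = JSON.stringify({ type: 'webauthn.get', challenge, origin });
  return { clientData, signature: nodeCrypto.sign('sha256', Buffer.from(clientData), privateKey) };
}

// Server side: check the signature first, then the fields it covers.
function verifyAssertion(publicKey, expectedChallenge, { clientData, signature }) {
  if (!nodeCrypto.verify('sha256', Buffer.from(clientData), publicKey, signature)) return 'bad-signature';
  const data = JSON.parse(clientData);
  if (data.type !== 'webauthn.get') return 'wrong-type';
  if (data.origin !== RP_ORIGIN) return 'wrong-origin';
  const got = Buffer.from(String(data.challenge));
  const want = Buffer.from(expectedChallenge);
  if (got.length !== want.length || !nodeCrypto.timingSafeEqual(got, want)) return 'stale-challenge';
  return 'ok';
}

function demo() {
  const { publicKey, privateKey } = registerPasskey();
  const c1 = newChallenge();
  const good = signAssertion(privateKey, c1, RP_ORIGIN);
  // Sign-in performed on a lookalike site that relays the real challenge (constructed origin).
  const relayed = signAssertion(privateKey, c1, 'https://login.example-org.test');
  // The relay rewrites the origin after signing, so the signature no longer matches.
  const tampered = { ...relayed, clientData: relayed.clientData.replace('https://login.example-org.test', RP_ORIGIN) };
  return {
    legitimate: verifyAssertion(publicKey, c1, good),
    relayedFromLookalike: verifyAssertion(publicKey, c1, relayed),
    originRewritten: verifyAssertion(publicKey, c1, tampered),
    replayed: verifyAssertion(publicKey, newChallenge(), good), // old assertion, new challenge
  };
}

console.log(demo());
```

In real WebAuthn the authenticator additionally scopes each credential to the relying party's ID, so a lookalike domain is not offered the passkey in the first place.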

The trend is gaining traction in Australia, with the federal government's myGov service implementing passkeys in June 2024. Initial uptake saw more than 20,000 users set up passkeys in the first week, growing to 170,000 by late August. This adoption rate underscores a growing willingness among Australians to transition to more advanced authentication methods.

The federal government is also investing further in digital security. A funding commitment of AUD $288.1 million over four years from 2024–25 has been announced to expand and improve the country's Digital ID system. The aims include enhanced security, streamlined access to government services, and the empowerment of Australians to access economic and privacy benefits associated with Digital ID.

Best practice for organisations considering a move toward passwordless authentication entails a phased and strategic approach. This includes assessing current authentication frameworks for vulnerabilities, educating users about the advantages and operation of passkeys, and gradually deploying the new technology to address any issues as they arise.

According to industry commentary, the shift to passwordless systems can deliver improved security, lower operational costs from reduced password management, and better user satisfaction. "By proactively adopting passwordless authentication, organisations can enhance security, reduce operational costs associated with password management, and improve user satisfaction," the statement explained.

Cybersecurity consultancies such as Borderless CS are involved in supporting Australian organisations as they make this transition. Based in Melbourne, Borderless CS works with clients in sectors including aged care, not-for-profits, local government, and small to medium enterprises to adopt identity-centric security frameworks. The consultancy focuses not only on deploying tools but also on guiding clients through multi-stage transitions from traditional MFA to passwordless environments, evaluating identity risk, and deploying secure access at scale.

"Rather than simply providing tools, Borderless CS takes a solution-first approach—guiding organisations through secure transitions from traditional MFA to passwordless infrastructure. Their work focuses on long-term resilience: evaluating identity risk exposure, deploying secure access protocols, and enabling frictionless user authentication at scale," the statement noted.

Experts in the sector argue that identity security is now central to organisational IT strategies. "Moving beyond MFA is no longer just an option—it's a strategic imperative. With identity becoming the new perimeter, organisations must invest in authentication frameworks that are secure, scalable, and resistant to social engineering."
