Yubico survey finds rising AI-driven cyber threats globally

Yubico, a provider of hardware authentication security keys, has released its 2024 Global State of Authentication survey findings. Conducted by Talker Research, the survey polled 20,000 individuals globally, including respondents from Australia, France, Germany, India, Japan, Poland, Singapore, Sweden, the United Kingdom, and the United States. The study sought to understand the perceptions and impacts of cybersecurity on both personal and corporate levels, scrutinising the risks associated with inadequate security practices and the growing influence of Artificial Intelligence (AI) on cyber threats.

According to the survey, 46% of Australian respondents experienced a password compromise over the past year. Social media accounts were the most commonly affected, with 39% reporting these had been compromised, followed by online retailer accounts (22%) and payment apps (20%).

Security concerns differ significantly between personal and organisational contexts. While 55% of respondents expressed greater concern for their personal information, only 8% were primarily worried about the company's security. A substantial portion of respondents, 31%, expressed equal concern for both personal and corporate security.

Derek Hanson, Vice President of Standards and Alliances at Yubico, commented on the findings: "The results highlight the need for a holistic cybersecurity strategy that encompasses both home and work environments. This includes adopting stronger authentication methods to become phishing-resistant and fostering a culture of security awareness through consistent employee training. Ultimately, building a unified front against cyber threats requires a concerted effort to bridge the gap between perceived and actual security."

The survey also revealed that 43% of Australian respondents had fallen victim to a successful cyberattack or scam, with 17% noting a personal account hack and 16% having personal information stolen from third parties such as online retailers or apps. Additionally, 10% admitted to falling for an online scam or phishing attempt.

AI has raised notable concerns, with 80% of respondents believing that online scams and phishing attempts have become more sophisticated due to AI, and 74% believing those scams have become more successful. Despite this, 42% reported not receiving any cybersecurity training from their employers.

Globally, the survey found that username and password remain the most common form of authentication, employed by 58% of users for personal accounts and 54% for work accounts. However, this method is considered the least secure. Furthermore, 39% of respondents incorrectly believed that username and password combinations are among the most secure authentication methods, while 37% considered mobile SMS-based authentication secure, both of which are vulnerable to phishing attacks.

Among other critical findings, 40% of surveyed individuals were either uncertain or did not believe that the online apps and services they use are doing enough to protect their data and accounts. Despite these concerns, 22% had never conducted a personal cybersecurity audit, such as updating cybersecurity software or changing compromised passwords.

The survey highlighted that organisational measures often fall short. Around 40% of employees have never received cybersecurity training from their employers, and only 27% believe the security measures in place at their organisations are very secure. Furthermore, over one-third (34%) of respondents reported not receiving instructions to secure their work accounts beyond a username and password upon starting their jobs. Additionally, 41% noted that security measures at their companies vary based on position and title, providing potential gaps for cyber criminals.

Hanson emphasised the broader implications of personal cybersecurity on professional environments: "When individuals fail to secure their personal accounts, they also put their workplaces at risk. This is why it's crucial for enterprises to adopt a holistic approach to cybersecurity that considers the security of both work and personal environments."