Yubico-logo

Hackers don’t break in.
They log in.

90% of all internet breaches are due to stolen login credentials. Are you and your organisation secure against phishing attacks?

Cyber crime is surging like never before…

0 %

Rise in cyber crime since the pandemic began (FBI).

0 %

Of companies in Europe & the Middle East have been victims of cyber attacks (Thales).

0 /10

Cyber attacks begin with a phishing email (Deloitte).

Most cyber attacks begin as phishing attacks

Phishing is the fraudulent practice of inducing people to reveal sensitive personal information such as credit card numbers and login credentials passwords.

In a typical phishing attack…

1. User receives message containing “real” information

Target receives email seemingly from a real person or reputable business

2. Target tricked into sharing login details on fake website

The design and URL of the fake website will seem identical to genuine site

3. Cybercriminals are now able to enter the real website

Hackers can now commit fraud or blackmail the user into paying a ransom

The consequences of a phishing attack are devastating

Once hackers have successfully logged in, there are many ways they can damage your organisation. Company secrets and private data can be leaked, or even sold online. Hackers can use this data, or the threat of paralysing crucial business systems, to demand costly ransoms. They may even stay undetected for months or years, slowly gathering sensitive information.

Suffering a hack can severely impact an organisation’s bottom line. In 2022, the cost of an average data breach rose to a record-breaking $4.35 million (IBM).

Yubico’s State of Global Enterprise Authentication survey found that of companies who were victims of a cyber attack…

0 %
experienced Reputational Damage
0 %
saw Increased Employee Turnover
0 %
suffered Loss of Income

Companies are more vulnerable than they realise

The survey  also found that 59% of employees still use username and password as a primary means of authenticating their accounts. Worldwide, 3 billion phishing emails are sent every single day (Forbes). As phishing emails become more professional and harder to detect, it becomes a matter of time till employees are fooled.
That’s why it’s no surprise that over 90% of breaches are caused by human error (World Economic Forum). An employee likely won’t realise they’ve made a mistake. On average, it takes 212 days for an attack to be detected (IBM) and in many cases an organisation never even realises they were the victim of a phishing attack.

Stopping phishing attacks requires MFA. But not all MFA is created equal.

The good news is, phishing can be stopped. All it takes is Multi-Factor Authentication (MFA). The most common forms of MFA use mobile authentication, such as One-Time-Password apps or SMS codes. However, research by Google, NYU, and UCSD based on 350,000 real-world hijacking attempts proved that these are not very effective in preventing account takeovers and targeted attacks.

The problem is that mobile authentication itself is vulnerable to phishing attacks.

True protection requires phishing-resistant MFA, such as a hardware security key. The YubiKey is proven to stop over 99% of account takeovers.

Find out more by filling out the form below