- Blog
Produced by Yubico, a YubiKey is a small hardware device with an in-built unique code that helps to make phish-resistant multi-factor authentication (MFA) as simple and streamlined as possible.
In the pursuit of more advanced MFA practices, and in some cases completely passwordless access, many organisations are opting to invest in YubiKeys rather than traditional authentication apps or SMS verification systems.
In September 2022 Forrester conducted a Total Economic Impact report into Yubico Yubikeys, outlining the business benefits of their adoption along with the return on investment seen by organisations.
Security leaders from five separate enterprises already utilising YubiKeys were surveyed, and the findings were heartening for prospective customers. As a headline, Forrester found that the organisations interviewed saw their exposure to security breaches resulting from phishing and credential thefts slashed by 99.9 per cent through the use of YubiKeys, while simultaneously driving business growth, access to high-security contracts, and an overall improvement in their reputation.
The Business Benefits of YubiKeys for Cyber Security
Strengthened Security
Before utilising YubiKeys, organisations interviewed (particularly those without any MFA software or processes in place) were vulnerable to security risks at a rate unacceptable to their cyber security teams and management. Password policies were overly arduous, and the maintenance involved in password resets and updates was causing strain on IT teams, whereas those with legacy MFA solutions reported poor end user experience, high expenses, and commitments to technologies they had outgrown and were no longer happy with. As noted, following adoption of YubiKeys, the risk of phishing and credential thefts alone was slashed by 99.9 per cent, and interviewees reported high levels of user satisfaction.
“We have a risk-acceptance curve with a predicted cost of risk, and YubiKeys lowered our risk profile significantly. [To win budget for YubiKeys,] I sell YubiKeys as a huge risk reduction.”
Director of Information Assurance
Transportation Sector
“Ransomware typically gets onto systems via social engineering. Having [YubiKeys as] a second factor of authentication makes social engineering extremely difficult to almost near impossible. That’s where this becomes so important.”
Director of Security Engineering
Energy Sector
Business Growth
Through their improved security reputations, mitigated and avoided losses, and the ability to meet the strict security demands of key prospective customers, the use of YubiKeys offered Forrester’s target organisations with new business opportunities and subsequent growth. By promoting their use of YubiKeys, and the associated security benefits, existing clients and new customers alike were able to see the organisations’ commitment to meeting developing security threats head on and place their trust in them accordingly.
“We’ve definitely seen [YubiKeys’] positive impact on reputation and positive feedback.”
IT Product Manager
Media and Communications
“We’re protecting [critical] systems from bad actors [with YubiKeys]. If a breach happened and it was audited and disclosed, the impact to our company’s reputation and potential stock price could be super, super expensive.”
Senior Director of IT
B2B Technology
Security Operations Efficiency
Along with reducing the threat and potential financial and reputational consequences associated with phishing and credential attacks, by largely mitigating this concern for the interviewed organisations, YubiKeys substantially freed-up the time and availability of DevSecOps team members.
In addition, because most organisations will find YubiKeys usable out of the box with major open standards and most third-party solutions, the set-up time is minimal and should not be considered a resourcing concern. Note, for those third parties currently not able to support YubiKeys or an open standard, Yubico offers integration support for technology partners.
Help Desk Support Savings
Following adoption of YubiKeys, the interviewed organisations saw a substantial decline in support tickets related to access. This spans password updates, resets, and related support tickets, as well as those tickets associated with authentication apps and legacy MFA solutions.
While the organisations did experience tickets concerning YubiKeys in the early days following implementation, this improved over time and throughout adoption and ongoing use constituted a significant overall reduction in help desk tickets and time spent.
“There usually was a surge in tickets in [whenever phonemakers] release new phones. We’ve actually eliminated that class of tickets completely because we no longer need people to repair their own authenticator when setting up a new device.”
IT Product Manager
Media and Communications
Return on Investment
The organisations interviewed by Forrester saw payback on their original investment in their YubiKeys after only 11 months. Furthermore, the overall return on investment seen by these same companies was calculated at over 200 per cent.
Throughout its study, Forrester demonstrated how YubiKeys not only constitute a sound financial investment for security teams in the long run, but also help organisations looking to improve on their MFA provision while including phish-resistant coverage.
For more information on YubiKeys, or to place an order for your organisation, pleasecontact usand a member of our account management team will be in touch to discuss your requirements.
Discover Our Professional Cyber Security Services
Learn More
You may also be interested in these articles:
Blog
Conditional Access: The Foundation of Zero Trust Security
In today’s cloud-first, remote-enabled world, safeguarding your organisation’s resources from both internal and external threats is critical. As organisations undergo
Read More »
September 10, 2024
Blog
Securing Identity and Access with Microsoft Entra ID
In July 2023, Microsoft announced the rebranding of Azure Active Directory (Azure AD) to Microsoft Entra ID. This change reflects
Read More »
August 30, 2024
PrevPrevious
NextNext
Recent Posts
Conditional Access: The Foundation of Zero Trust Security
Read More »
Securing Identity and Access with Microsoft Entra ID
Read More »
Understanding, Detecting, and Protecting Against AiTM Attacks
Read More »