Cybersecurity Experts Highlight MFA, Passkeys as Key Defenses Amid Rising Phishing and AI-Driven Threats

On World Password Day, security professionals warned that outdated login methods continue to fuel data breaches, urging trucking firms and other organizations to adopt multi-factor authentication (MFA) and biometric passkeys as standard protections. Recent reports detail persistent OAuth tokens, active phishing campaigns, and AI tools enhancing both defenses and exploits in enterprise environments.

Persistent OAuth Risks and MFA Recommendations

AI tools, workflow automations, and productivity apps connected to Google or Microsoft often leave behind persistent OAuth tokens without expiration dates or automatic cleanup, evading traditional perimeter controls and MFA. Security researcher Matt Bruns of TAC IT systems noted the dangers of these overlooked access points.

The Cybersecurity and Infrastructure Security Agency states that MFA reduces hacking risk by 99% by adding a second verification layer beyond passwords. Phishing-resistant MFA methods, ranked by effectiveness, include FIDO2/passkeys, hardware keys, authenticator apps with number matching, TOTP, SMS, voice, and email. A National Cyber Security Centre paper confirms passkeys are as secure or more secure than two-step verification using the strongest passwords.

Experts recommend phishing-resistant MFA for all users, timely patching of internet-facing systems, and regular tested backups to mitigate risks once attackers bypass initial defenses.

Active Exploits and Phishing Campaigns Target Enterprises

Fortra researchers uncovered a phishing campaign abusing Datto’s remote monitoring and management platform to deliver Remote Access Trojans, enabling persistent attacker control while blending with normal traffic.

Exploitation of a recent cPanel vulnerability has surged, with nearly 1,000 attempts detected on honeypots since disclosure, indicating widespread activity across global networks, according to Defused CEO Simo Kohonen. A U.S. defense contractor thwarted a similar intrusion using the Cyber Kill Chain framework, which tracks and blocks attackers post-breach.

AI Advances and Sector Confidence Declines

Anthropic’s Mythos model improves vulnerability patching but also exploitation efficiency, potentially benefiting attackers first without specialized skills. The Global Cybersecurity Outlook 2026 report identifies expertise shortages as a top challenge, with cyberattacks increasingly targeting healthcare, education, and NGOs due to their vulnerabilities.

Chief information security officers express diminished confidence in local government and public higher education’s data security, rising from 35% “not very confident” in 2022 to 63% in 2026. About one-fifth of CISOs report states adopting whole-of-state cybersecurity strategies in response.

Recent Breaches and Visibility Emphasis

Match Group terminated unauthorized access dating to mid-January 2026, with no evidence of exposed passwords, financial data, or communications, and initiated notifications. Nike is probing a claimed 1.4TB data theft by the WorldLeaks extortion group, involving design and manufacturing files.

Beyond monitoring, visibility into access and behavior deters threats, enhances collaboration, and supports data-driven decisions for trucking fleets managing SaaS integrations and remote operations.