Cyber attacks do not only target private individuals; they can also represent increasingly sophisticated and persistent threats to national security. Billions of dollars are spent on legacy security annually, yet data breaches and theft are accelerating. Many institutions and organizations have suffered. That is why it is important to leverage modern security technologies and zero-trust architectures across sectors.
Becoming More Proactive
In its bid to address exposed areas of weakness in US digital infrastructure, the United States Federal Government updated its cyber security strategy. In January 2022, President Biden signed Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity. With this modern approach to cyber security, the US Federal Government boldly moves away from incremental improvements to legacy perimeter-based defenses and toward significant investment in modern “zero-trust” architectures that never trust and always verify “anything and everything attempting to establish system and data access.”
Aiming for Safer Cyber Infrastructure
When multifactor authentication (MFA) was added to legacy knowledge-based access (KBA), which is based on the storing and passing of passwords and other personal secrets, there was indeed a measurable reduction in risk to digital systems and data compared to single-factor authentication.
However, the attack strategies of bad actors (attack vectors) evolved such that today, these legacy KBA methods, even with MFA, no longer protect against sophisticated phishing attacks that easily fool account owners into providing account credentials to the attackers. Once a legitimate account is taken over (as was the case in the ransomware attack against Colonial Pipeline), it is very hard for any system to detect a bad actor before significant damage is done, data is stolen, or malicious code is embedded that creates security vulnerabilities at a later time (as was the case with the SolarWinds supply chain attack).
In a very bold move and positive development for the modern identity and authentication industry, our nation’s new cyber security executive order recommends that federal agencies achieve zero trust security goals with strong, FIDO-based MFA by the end of Fiscal Year (FY) 2024, with plans for implementation due within 60 days.
Among other requirements for networks, devices, and endpoints, plus encryption for data and DNS traffic, the directive includes centralized enterprise-managed identities with phishing-resistant MFA to protect users from sophisticated attacks, including both PIV credentials and FIDO2 Web authentication (known as “WebAuthn”), created by the FIDO Alliance and published by the World Wide Web Consortium (W3C). The directive also includes enterprise-wide identity systems based on zero trust architecture that always verifies users before granting access.
Strong Defense for All
In a push for safer cyberspace infrastructure, the US Federal Government joins the thousands of enterprises that are leaving legacy KBA and perimeter-based security thinking behind in favor of modern and strong MFA identity and authentication.
As the world continues to see a massive proliferation in devices and network connectivity, technological advancements are required to address the growing challenges in fighting cyber threats and risks. Nok Nok Inc, in partnership with the global FIDO Alliance it founded, is among those at the forefront of this fight.
The FIDO Alliance is an open industry association that develops and promotes authentication standards. At the same time, it pushes for safer and more convenient cyber security measures for the end user, making it a mission to reduce people’s insecure over-reliance on legacy password and KBA-based system access.