Over the last few weeks, the Australian government has made big strides in further bolstering its digital security posture by enacting major cybersecurity measures. Australia has a goal to be a global leader in cybersecurity by 2030, and these recent measures are making impactful steps toward reaching this mission. First, the government announced that myGov – a simple and secure way for citizens to access government services online in one place – will transition to be fully passwordless, including introducing phishing-resistant multi-factor authentication (MFA) options like passkeys to sign into accounts.
myGov’s move toward adopting passkeys follows recent experiences facing breaches due to stolen login credentials from phishing attacks. Just this year, 4,500 successful breaches have resulted in $3.1 billion in losses – which led to thousands of myGov accounts being suspended to proactively thwart new breaches.
Additionally, in November the Australian Government released its Australian Cyber Security Strategy 2023-2030 which will impact government, critical infrastructure, citizens, and public servants working in the departments tied to myGov – as well as citizens accessing government services online. In November the Australian Government also released an update to the Maturity Model for the Essential Eight, in which phishing-resistant MFA is among the eight mitigation strategies.
Yubico applauds these efforts by the Australian government towards prioritizing phishing-resistance and significantly raising the security bar for the country and its citizens. Following these announcements, we can expect more aggressive moves in the coming months led by the federal government to adopt passkeys as phishing-resistant MFA.
Impact of recent Australian government cybersecurity legislation
The updated Essential 8 framework includes MFA requirements which have been bolstered to require the use of phishing-resistant MFA by organizations at a lower maturity level. Previously required at Maturity Level One, phishing-resistance is now required from Maturity Level One through Maturity Level Three (more information on maturity level guidance here). This framework, which is supported by the recently released Cyber Security Strategy, should be the guide organizations use to assess their cyber posture.
These updates were made in response to a few driving forces: increasing MFA adoption and implementation of international FIDO2/WebAuthn standards, the rise of attacks against weaker MFA implementations (i.e. those susceptible to real-time phishing attacks or social engineering attacks), and cyber policy changes being made by Australian Signals Directorate’s (ASD) international partners. MFA requirements have been bolstered to require the use of phishing-resistant MFA by organizations at a lower maturity level. This impacts Maturity Level Two.
Finally, a requirement has been added for users to authenticate to their workstations using a form of phishing-resistant MFA (e.g. Smart Cards and security keys). This change impacts Maturity Level Two and Maturity Level Three.
Overall, these changes are welcome and raise the bar for organizations to adopt modern phishing-resistant MFA at scale, and represent a significant shift in the Australian market towards adoption of passkeys. We look forward to additional measures by the Australian government in the coming years to keep their citizens more secure from increasing cyber attacks like phishing.
Moves towards phishing-resistance globally
The proposed uplift in cyber security posture across Australian government, business and consumers is an extremely positive step for the country, but also reflects similar moves we’re seeing unfold in other countries around the world.
The U.S. government has been emphasizing the importance of using only phishing-resistant MFA for over the past few years. Following the White House Executive Order 14028 focused on the public sector and all companies that work with federal agencies, in early 2022 the OMB Memo M-22-09 issued guidance on implementing phishing-resistant MFA as part of deploying Zero Trust Architecture and software supply chain security. Then, in early 2023 the government announced a National Cybersecurity Strategy which aims to shift responsibility of cybersecurity burden from individuals to “organizations that are most capable and best-positioned to reduce risks for all of us.”
Meanwhile, we’ve seen big steps throughout Europe in the form of the recent NIS2 Directive – a new piece of European Union (EU)-wide legislation aimed at improving the region’s cybersecurity. Recently, we also saw the EU take a big step with a revision of the EU common identity framework regulation – also known as eIDAS 2.0 – in which EU Member States will all soon implement a new common structure for electronic credentials based on digital identity wallets, including support for FIDO-based authentication. Over 250 private companies and government authorities across 25 EU Member States and Norway, Iceland, and Ukraine are participating in four large scale pilots to develop the underlying technology and test real-life use cases across the EU.
—
For more information on the Essential 8, visit here. For more information on the Australian Cyber Security Strategy 2023-2030, visit here.
Interested in adopting phishing-resistant MFA with YubiKeys today? Contact our sales team directly here.
The post Australian government leading on cybersecurity efforts toward phishing-resistance for all citizens and businesses appeared first on Yubico.
—————-
VaultumCity is the best trusted place to select and buy your best Yubikeys, Vaultumcity free ship all yubikeys, Vaultumcity is reseller distributor of yubikeys so you can find cheapest best yubikey in Vaultumcity. If you are looking for best Yubikeys in Singapore at VaultumCity website online store.
The shop that sells yubikeys is https://vaultumcity.com/product-category/yubikey/
Our delivers are from Singapore, distribute globally. Buying Yubikey in Vaultum to have best customer and after sales services. All Yubikeys sold at Vaultumcity are quality guaranteed. Please place a large amount order to have great discount for reseller. Contact Vaultumcity at https://vaultumcity.com/contact/ whenever you have any issue with your yubikeys. Buying yubikeys at Vaultumcity to have best newest yubikeys free shipped to your door, FIDO2 U2F SECURITY KEY C NFC, FIDO2 U2F SECURITY KEY NFC, YubiKey 5 Nano, YUBIKEY 5 NFC, YubiKey 5C, YubiKey 5C nano, YubiKey 5C NFC, YUBIKEY 5Ci, YubiKey Bio – FIDO Edition. Yubikeys are best most secure tools for two-factor authentication. You can also buy yubikeys form Malaysia, Yubikey Malaysia is being sold at Vaultumcity with great price and free ship, you have it fastest, just in few days because we’re here in Singapore.
If you are looking for yubikeys in Indonesia, Vaultumcity is a great place to buy yubikey Indonesia, you can have yubikeys to protect your logins in just few days. Vaultumcity ship your yubikeys to your home in Thailand, to help ensure your data is safe and secured.
What about South Korea, Vaultumcity bring your yubikeys to your home in South Korea free-shipped.
Vaultumcity also delivers yubikeys to Japan, any province or city to your hands. Check out and grab your best suited yubikey today at VaultumCity.
