Every November, Critical Infrastructure Security and Resilience (CISR) Month focuses on educating the vital role critical infrastructure plays in the nation’s well being. Led by Cybersecurity and Infrastructure Security Agency (CISA), the conversation centers around why it’s important to strengthen critical infrastructure security and resilience. 

One of the critical infrastructures, energy and natural resources, is currently ranked fourth on a list of industries experiencing the most cyber attacks globally and is ranked first among US industries. With the threat continuing to increase, the time is now to rethink the relationship to cybersecurity and the tools that are used to stay secure. In response, energy and natural resource organizations are looking to reimagine multi-factor authentication (MFA) with a form factor that supports both personal identity verification (PIV) and modern FIDO2 authentication standards.

The challenges with legacy MFA

With over 70% of data breaches caused by stolen credentials such as passwords, it’s critical that organizations in the industry adopt modern phishing-resistant MFA to secure critical IT and OT environments, while ensuring compliance to new and evolving regulations. Implementing MFA can be a strong first-line of defense to protect against modern cyber threats – but it’s important to understand that not all forms of MFA are equal. 

Legacy authentication such as SMS, one-time passcodes (OTP), and push notifications are highly susceptible to modern phishing attacks, malware, SIM swaps, and man-in-the-middle attacks (MiTM). In addition to poor security, legacy MFA provides poor user experiences, low portability, and lack of scalability which can result in MFA gaps, low user adoption, and an increased risk of a breach.

In today’s tech-driven energy sector, tools and data are as widely distributed as the energy sources. Faced with these risks and challenges, many energy companies and the industry alike are seeking out ways to be secure against malicious actors. Many operators have already switched to phishing-resistant MFA, and more will follow as the energy sector continues to adapt to evolving cyber threats.

Strengthening phishing-resistant MFA strategy

Given the rise and sophistication of cyber attacks, there is a need for phishing-resistant MFA which involves PIV/Smart Card, modern FIDO2 or WebAuthn passkey authentication. The good news is that the energy sector is already ahead of the game due to Smart Card adoption.

Smart Cards have been one of the most trusted and proven implementations of MFA for over 20 years, and often relied upon as the standard for authentication by energy companies. PIV Smart Cards qualify as phishing-resistant MFA because even if someone manages to steal credentials, they would still need the card to access something. Today, Smart Cards come in many form factors, from a credit card size that fits in your wallet to a hardware security key that fits on your keychain. 

There’s only one challenge: the typical credit card-shaped Smart Card hasn’t historically worked well on mobile devices without additional hardware and software.

PIV-enabled YubiKeys are the answer

Moving forward, the energy sector needs an authentication solution that provides the highest protection against phishing and unauthorized account access combining FIDO and PIV to provide full phishing-resistant coverage. With the portability and multi-protocol support offered by Yubico’s YubiKeys, it’s now possible to use any PIV-enabled YubiKey on any supported mobile device as a certificate-based Smart Card.

As a form of phishing-resistant MFA, YubiKeys are compatible with a wide range of devices and  your favorite products, services, and business-critical applications. Providing a scalable way to handle secure authentication and a streamlined way to access accounts, YubiKeys strike an elusive balance between security and productivity.

YubiKeys support FIDO2 authentication – which is quickly becoming the standard after Google, Microsoft, Apple, and CISA have given enthusiastic support – and PIV authentication protocols at the same time. As a creator and core contributor to the FIDO2, WebAuthn, and FIDO Universal 2nd Factor (U2F) open authentication standards, Yubico is excited about continuing to pioneer phishing-resistant hardware authentication throughout the energy industry.

Take a deep dive into why YubiKeys are the ideal solution for the energy and natural resources sectors and learn what it takes to get started – including a step-by-step process to ensure a seamless adoption – in our new guide here.

The post Resolve to be cyber resilient: Moving on from legacy MFA in energy and natural resources appeared first on Yubico.


VaultumCity is the best trusted place to select and buy your best Yubikeys, Vaultumcity free ship all yubikeys, Vaultumcity is reseller distributor of yubikeys so you can find cheapest best yubikey in Vaultumcity. If you are looking for best Yubikeys in Singapore at VaultumCity website online store.

The shop that sells yubikeys is https://vaultumcity.com/product-category/yubikey/

Our delivers are from Singapore, distribute globally. Buying Yubikey in Vaultum to have best customer and after sales services. All Yubikeys sold at Vaultumcity are quality guaranteed. Please place a large amount order to have great discount for reseller. Contact Vaultumcity at https://vaultumcity.com/contact/ whenever you have any issue with your yubikeys. Buying yubikeys at Vaultumcity to have best newest yubikeys free shipped to your door, FIDO2 U2F SECURITY KEY C NFC, FIDO2 U2F SECURITY KEY NFC, YubiKey 5 Nano, YUBIKEY 5 NFC, YubiKey 5C, YubiKey 5C nano, YubiKey 5C NFC, YUBIKEY 5Ci, YubiKey Bio – FIDO Edition. Yubikeys are best most secure tools for two-factor authentication. You can also buy yubikeys form Malaysia, Yubikey Malaysia is being sold at Vaultumcity with great price and free ship, you have it fastest, just in few days because we’re here in Singapore.

If you are looking for yubikeys in Indonesia, Vaultumcity is a great place to buy yubikey Indonesia, you can have yubikeys to protect your logins in just few days. Vaultumcity ship your yubikeys to your home in Thailand, to help ensure your data is safe and secured.

What about South Korea, Vaultumcity bring your yubikeys to your home in South Korea free-shipped.

Vaultumcity also delivers yubikeys to Japan, any province or city to your hands. Check out and grab your best suited yubikey today at VaultumCity.