Every November, Critical Infrastructure Security and Resilience (CISR) Month focuses on educating the public about the vital role critical infrastructure plays in the nation’s well-being. Led by the Cybersecurity and Infrastructure Security Agency (CISA), the conversation centers on why it’s important to strengthen critical infrastructure security and resilience.
One of those critical infrastructures, energy and natural resources, is currently ranked fourth on a list of industries experiencing the most cyber attacks globally and ranked first among US industries. With the threat continuing to increase, the time is now to rethink the sector’s relationship with cybersecurity and the tools it uses to stay secure. In response, energy and natural resource organizations are looking to reimagine multi-factor authentication (MFA) with a form factor that supports both personal identity verification (PIV) and modern FIDO2 authentication standards.
The challenges with legacy MFA
With over 70% of data breaches caused by stolen credentials such as passwords, it’s critical that organizations in the industry adopt modern phishing-resistant MFA to secure critical IT and OT environments while ensuring compliance with new and evolving regulations. Implementing MFA can be a strong first line of defense against modern cyber threats, but it’s important to understand that not all forms of MFA are equal.
Legacy authentication methods such as SMS, one-time passcodes (OTP), and push notifications are highly susceptible to modern phishing attacks, malware, SIM swaps, and man-in-the-middle (MITM) attacks. In addition to poor security, legacy MFA provides a poor user experience, low portability, and a lack of scalability, which can result in MFA gaps, low user adoption, and an increased risk of a breach.
In today’s tech-driven energy sector, tools and data are as widely distributed as the energy sources themselves. Faced with these risks and challenges, many energy companies, and the industry as a whole, are seeking ways to protect themselves against malicious actors. Many operators have already switched to phishing-resistant MFA, and more will follow as the energy sector continues to adapt to evolving cyber threats.
Strengthening phishing-resistant MFA strategy
Given the rise and sophistication of cyber attacks, there is a need for phishing-resistant MFA, meaning PIV/Smart Card or modern FIDO2/WebAuthn passkey authentication. The good news is that the energy sector is already ahead of the game due to its Smart Card adoption.
Smart Cards have been one of the most trusted and proven implementations of MFA for over 20 years, and are often relied upon as the standard for authentication by energy companies. PIV Smart Cards qualify as phishing-resistant MFA because even if an attacker manages to steal a user’s credentials, they would still need the physical card to gain access. Today, Smart Cards come in many form factors, from a credit card size that fits in your wallet to a hardware security key that fits on your keychain.
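To make concrete why a FIDO2/WebAuthn assertion resists the phishing that defeats an OTP, here is an added example (not from the original post or from Yubico) modelling the relying-party checks; the relying-party name and origin are hypothetical, and an HMAC stands in for the authenticator's ECDSA signature.

```python
import hashlib
import hmac
import json
import secrets

# Constructed model of the checks a WebAuthn relying party (RP) performs on an
# assertion, next to a legacy OTP check. The authenticator's ECDSA signature is
# replaced by an HMAC stand-in (the stdlib has no ECDSA); the bytes it covers are
# the ones WebAuthn really signs: authenticatorData || SHA-256(clientDataJSON).

RP_ID = "energy.example"              # hypothetical relying party
RP_ORIGIN = "https://energy.example"
DEVICE_KEY = secrets.token_bytes(32)  # stands in for the security key's private key

def sign(msg: bytes) -> bytes:
    return hmac.new(DEVICE_KEY, msg, hashlib.sha256).digest()

def authenticator_assert(origin: str, challenge: str) -> dict:
    """Assertion produced at whatever origin the user is actually on. The browser,
    not the user, derives rpId from that origin and records it in clientDataJSON."""
    rp_id = origin.removeprefix("https://")
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin}).encode()
    # authenticatorData = rpIdHash (32 bytes) || flags (UP set) || signCount (4 bytes)
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + b"\x00\x00\x00\x01"
    return {"clientDataJSON": client_data, "authenticatorData": auth_data,
            "signature": sign(auth_data + hashlib.sha256(client_data).digest())}

def rp_verify(assertion: dict, expected_challenge: str) -> bool:
    """RP-side verification: origin and rpIdHash must be ours, then the signature."""
    cd = json.loads(assertion["clientDataJSON"])
    ad = assertion["authenticatorData"]
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != expected_challenge:
        return False
    if cd.get("origin") != RP_ORIGIN:  # origin binding: a relayed assertion fails here
        return False
    if ad[:32] != hashlib.sha256(RP_ID.encode()).digest():  # rpIdHash must be ours
        return False
    if not ad[32] & 0x01:              # user-presence flag must be set
        return False
    expected = sign(ad + hashlib.sha256(assertion["clientDataJSON"]).digest())
    return hmac.compare_digest(expected, assertion["signature"])

def otp_verify(submitted: str, issued: str) -> bool:
    """Legacy OTP: the code carries no origin, so a code typed into a look-alike
    page and relayed to the real site verifies exactly like a genuine one."""
    return hmac.compare_digest(submitted.encode(), issued.encode())
```

In practice the browser would not even find a credential scoped to a look-alike rpId, but the RP-side origin and rpIdHash checks reject such an assertion regardless.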
There’s only one challenge: the typical credit card-shaped Smart Card hasn’t historically worked well on mobile devices without additional hardware and software.
PIV-enabled YubiKeys are the answer
Moving forward, the energy sector needs an authentication solution that provides the highest protection against phishing and unauthorized account access, combining FIDO and PIV to provide full phishing-resistant coverage. With the portability and multi-protocol support offered by Yubico’s YubiKeys, it’s now possible to use any PIV-enabled YubiKey on any supported mobile device as a certificate-based Smart Card.
As a form of phishing-resistant MFA, YubiKeys are compatible with a wide range of devices and your favorite products, services, and business-critical applications. Providing a scalable way to handle secure authentication and a streamlined way to access accounts, YubiKeys strike an elusive balance between security and productivity.
YubiKeys support both FIDO2 authentication, which is quickly becoming the standard with enthusiastic support from Google, Microsoft, Apple, and CISA, and PIV authentication at the same time. As a creator and core contributor to the FIDO2, WebAuthn, and FIDO Universal 2nd Factor (U2F) open authentication standards, Yubico is excited to continue pioneering phishing-resistant hardware authentication throughout the energy industry.
Take a deep dive into why YubiKeys are the ideal solution for the energy and natural resources sectors and learn what it takes to get started, including a step-by-step process to ensure a seamless adoption, in our new guide here.