
    White House declaration: act now for cybersecurity attack protection

    David Treece

    March 30, 2022

    Last week, President Biden made a statement that couldn’t have been clearer in its message regarding cybersecurity attack protection to the private sector: “If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year [...]” Additionally, the White House issued a fact sheet whose top bullet urges companies to “mandate the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system.”

    This latest call to action from the White House builds upon last year’s executive order that focused on the public sector and all companies that work with federal agencies. Additionally, the Office of Management and Budget (OMB) Memo M-22-09 has covered several topics, including implementing phishing-resistant multi-factor authentication (MFA) as part of deploying Zero Trust Architecture, and software supply chain security.

    Cybersecurity attack protection and phishing-resistant MFA

    So what exactly constitutes phishing-resistant MFA? There is some confusion about what the term covers, and we want to clarify.

    While there may be many assertions of what is phishing-resistant, not all MFA is created equal. The OMB memo (page 7) defines phishing-resistant MFA as two authentication technologies: the Federal Government’s Personal Identity Verification (PIV)/Smart Card and modern FIDO/WebAuthn. Approaches like SMS, mobile push notification, and one-time passwords (OTP) are not included and have been shown to be vulnerable to phishing.

    If the authentication being used is not PIV/Smart Card or FIDO/WebAuthn, then it is not phishing-resistant. The YubiKey supports both of these authentication standards and is FIPS validated, another requirement in many public sector and government scenarios, as well as for those in the private sector who support our critical infrastructure and software supply chain.

    If you think that your organization isn’t impacted by the Executive Order, you may want to think again. 

    While you may have already started planning for needed security measures to comply with that order, Monday’s statement brought a new sense of urgency to all companies – not just the ones working with the government. To help your team move down the security upgrade road, we’ve assembled some resources and tips below to help you get there. Additionally, we’ll be hosting a webinar on April 19 on this topic. 

    Make your cybersecurity attack protection plan

    Previously, we posted about steps you can take to prepare for executive order compliance. Here are a couple of steps to take today that will get you started. We also have a resource page available focusing on the executive order itself.

    1. If you haven’t already, assemble a planning team with your top talent, then task them with a full audit prioritizing access to sensitive data. You will need a full accounting of your data, software and controls – as well as any contractors or third parties who have access to your network. This can be a daunting task, so focus on key systems and access points. Having the right team members involved helps identify priority systems and risks quickly so they can be addressed. Once the priority systems have been identified, it is important not to stop. Neglected low-priority systems are commonly used by attackers to gain a foothold within an organization. Auditing and scanning for non-compliant systems need to be an ongoing effort. You might be surprised how many companies don’t perform these full security reviews, to their detriment.
    2. Build a sustainable security plan that avoids quick fixes and make it part of your company’s DNA. To ensure that your company is not running from one fire drill to the next, security needs to be a priority at all levels of the organization. Phishing-resistant modern MFA can be implemented quickly in some cases and in others it will take more effort. Having an agreed-upon plan that provides a consistent approach to MFA will improve and accelerate deployment plans. Aligning your authentication strategy with phishing-resistant standards like PIV and FIDO that work with a number of Identity and Access Management (IAM) providers, operating systems, and browsers will give you the maximum ability to address the security risk and deploy quickly. If you work with the government, or have plans to do so, a FIPS-validated key will be a requirement for government partners.
    3. Build funding requests into upcoming budget cycles. The hard reality is that improving your security requires resources and approval from management to allocate funds. Security isn’t a one-and-done purchase but needs to be considered as a standard part of the budget to protect the business. Having a sustainable plan will help get C-suite buy-in, as they can have a better understanding of how the plan will protect the company. Having a well-thought-out security plan can provide tangible benefits that are important to highlight. Besides reducing risk, they can reduce audit cost and technical debt that can inhibit the business. Having the C-suite understand the value of how the program improves the whole company will help in getting your budget approved. Attackers don’t wait for yearly budget cycles to act, which could require additional funds. Having the support of key C-staff, such as the Chief Risk Officer, can help drive unexpected funds requests.

    How should I communicate the urgency of cybersecurity attack protection to staff and stakeholders?

    When the president speaks, people listen. So the question is no longer whether phishing-resistant MFA is coming to the entire business world, but how long it will take for full adoption and which industries will get there fastest. Today you can take these steps:

    1. Make staff aware of the president’s statement about the need to prepare for an environment with increased cybersecurity threats. Frame it as good news – “We are getting ahead of this and getting on board with a national trend toward better security, and here are the steps we will take.”
    2. Be clear about what steps the organization itself will take in the next year – including who’s on the planning team and what their objectives are. Transparency helps those who may be change-resistant get used to the idea that something will change about their routines.
    3. Be inclusive in your language when talking about the initiative. This is not something only the IT team must worry about. Instead, the entire organization is coming together to respond to the president’s call to action – the “we” pronoun applies here. You can use it as a learning opportunity, asking people to educate themselves or seek training on how to avoid getting phished and workplace security best practices. 

    The urgency you can read in Biden’s statement underlines what we’re all feeling at the moment – we’re living through times that change fast and can be unpredictable. By aligning your organization to place a priority on cybersecurity attack protection that includes phishing-resistant MFA, you will be better prepared to address current and future cybersecurity threats.

    ——

    To learn more about how to best defend against ransomware attacks, read our post on mitigation and incident response plans. More information on the executive order can also be found here and please join us for this webinar on April 19 to learn more about things your company can implement to help defend against cybersecurity attacks. 
