Never has the world been more dependent on the internet, and never has it been more attacked than in 2020. In fact, it proved to be a year where trust in many of our systems was challenged. Yet I remain an eternal optimist and believe that we can transform the hard lessons learned in 2020 into tremendous potential for those of us who aim to make a difference in the world of security and privacy.
The powerful and beautiful human experience named the World Wide Web was launched only 30 years ago, designed for sharing information, not for security. Today, the core infrastructure that holds up our modern society has become a new digital war zone, not only for criminals, but for strong financial and political powers to conquer new territories, assets, and minds.
At Yubico, we had our fair share of challenges in 2020, but we are also grateful that the YubiKey, the YubiHSM, and our open standards contributions have made a significant positive impact for internet security. In no other year, have we experienced a higher demand for our technology. Yubico products are being used internally to protect the largest internet companies and their services, which this year have become the backbone for team collaboration and communication for billions of people.
This blog summarizes nine events that helped Yubico’s accelerated growth and adoption for trusted, portable, phishing-resistant hardware security keys.
1. The continued rise of spear phishing
The vast majority of all IT security breaches are due to stolen or weak login credentials, and the most common attack vector is phishing. Old school phishing scams trick users to download a file or reveal sensitive data to a fraudster website. The new, most sophisticated spear phishing attacks compromise accounts without the user noticing. In fact, 95% of all attacks targeting enterprise networks are caused by successful spear phishing. The authentication technologies proven to stop these attacks all use public key cryptography, including YubiKeys and smart cards.
2. WebAuthn momentum
Traditional smart cards have proven strong security, but were not designed for web or mobile. Beginning in 2011, Yubico began development of open authentication standards offering a next generation smart card technology, designed for the modern web and scale. We contributed our inventions to the FIDO Alliance and W3C. 2020 saw these FIDO and WebAuthn standards become natively supported in all leading platforms, browsers, and identity access management (IAM) solutions, building security foundations far beyond passwords and basic MFA.
3. Remote work
As COVID-19 hit us hard and furious, businesses around the world faced a new reality with the shift to remote workforces. Many organizations scrambled to establish trust with employees and their devices outside of the traditional perimeter-based security that they’d typically have in an office environment. To help solve this, Yubico launched YubiEnterprise Delivery, which helps businesses ship YubiKeys quickly and directly to their employees’ doorsteps.
4. Demand for cross device authenticators
With a growing market demand and increasing use cases for USB-C and wireless near-field communication (NFC) connections, Yubico released the YubiKey 5C NFC. Designed in the thin, robust, YubiKey “signature design”, the new key enables simple and strong authentication from all modern phones and computers, and has received raving reviews from the press, partners, and customers.
5. Headliner security breaches
The most recent large-scale attack of this year, SolarWinds, is quite possibly one of the biggest breaches in modern time and joins a long list of other major breaches from 2020. All of this combined is leaving cyber security, strong multi-factor authentication and HSMs (Hardware Security Modules) on top of mind for many organizations, as well as the importance of a trusted supply chain.
6. Secure manufacturing
Most security certifications do not review any actual security code, making it critical to trust your vendors’ supply chain. In a recent survey, the large majority of Yubico customers shared that they value that we manufacture all our keys in Sweden and California, and offer unique custom configuration tools enabling them to control their own encryption secrets. To date, we have made more than 15 million YubiKeys, and we continue to ramp up our production for significantly higher numbers to meet market demands in the years ahead.
7. Rising attacks on press freedom
Press freedom violations skyrocketed in 2020 due to increasing political and social unrest. In the US, there have been 182 journalists arrested while covering protests since 2017, and 121 of those arrests were from 2020 alone. Around the world, an increasing number of journalists covering injustice and misuse of power are being tracked, arrested, and in some cases, even killed. On our mission to help protect people, Yubico doubled up our YubiKey donation efforts program serving users at risk, including journalists. If there is no free press, there is no security.
8. The 2020 presidential election
Four years ago, Hillary Clinton’s election campaign was hacked. A year later, YubiKeys were highlighted for the first time in a high school science fair, stating that hardware-backed multi-factor authentication (MFA) could have eliminated the chance for unauthorized account access, and possibly, changed the election outcome. In 2020, major phishing attacks from non-democratic forces were reported. To date, no emails were leaked from the election campaigns thanks to security keys, like the YubiKey, that are built on the FIDO open authentication standards that Yubico pioneered.
9. People taking action
YubiKey and WebAuthn is not the only technology that will help us build a more secure internet, but it is proven to stop the single biggest problem – account takeovers. And now is the time to take action: For easy integration Yubico offers free open source servers, and a WebAuthn Starter Kit. We also welcome you to ask your favorite online services and apps to incorporate WebAuthn support. It’s a global open standards effort designed to make the internet safer for all.
2020 – a year like no other – is coming to an end. This year has become a wake up call for many things that we need to change. It’s been hard on all of us, but innovation, technology, and human collaboration can prevail. With new, better protection against attacks on our physical and digital lives, 2021 can be a safer year for us all.
All the Best,
CEO & Founder