INFOGRAPHIC
CISOs: Transform Zero Trust to an organization-wide priority
Discover why every CISO’s Zero Trust strategy should start with phishing-resistant MFA
U.S. federal agencies are required to meet specific Zero Trust goals by the end of fiscal year 2024, and the private sector which serves government agencies is inevitably impacted and challenged with raising the bar for security as well—which gives CISOs a prime opportunity to be the accelerator.
A Zero Trust strategy reduces risk by assuming all users, devices, applications and transactions are potential threats that should be verified and authenticated before access is granted.
CISOs have a duty to make Zero Trust an organization-wide priority, especially since the path to it varies so greatly from one enterprise to the next:
Every CISO’s Zero Trust strategy should start with phishing-resistant MFA
Multi-factor authentication (MFA) is a critical factor for Zero Trust success, but not all forms of MFA are created equal. As part of long-and intermediate-term plans to apply Zero Trust principles, CISA encourages all organizations to implement phishing-resistant MFA. Hardware-based authentication solutions like the YubiKey verify identities beyond doubt while also creating a frictionless user experience.
Modern hardware-based phishing-resistant MFA, like the YubiKey:
- Provides passwordless authentication
- Reduces risk of credential theft by 99.9% and stops account takeovers
- Deploy the most secure passkey strategy: device-bound that is Authenticator Assurance Level 3 (AAL3) compliant.
Legacy mobile-based MFA (SMS, one-time passwords, push authenticators):
- Uses one-time passwords sent via SMS messages
- Creates MFA fatigue by forcing users to re-authenticate at random intervals account takeovers
- Unusable in mobile-restricted environments and dependent on network and battery
Start forging your own path to Zero Trust with six deployment best practices to accelerate the adoption of modern, phishing-resistant MFA at scale. It’s all in our guide How to get started with phishing-resistant MFA for Zero Trust.