The U.S. president has set forth in Executive Order M-22-09 “a Federal Zero Trust Architecture (ZTA) Strategy, requiring agencies to meet specific cybersecurity standards and objectives by the end of Fiscal Year (FY) 2024 in order to reinforce the Government’s defenses against increasingly sophisticated and persistent threat campaigns. Those campaigns target Federal technology infrastructure, threatening public safety and privacy, damaging the American economy, and weakening trust in Government.”
So what does this mean for you and how does it affect your business?
The president is showing all U.S. businesses that the Government sees cyber threats as a clear and present danger. The Government recognizes that logging into applications is not safe even from a known and trusted network. Sign-ins from such a network must not be considered any less risky than sign-ins from the public internet.
To support the president’s decree, Executive Order M-22-09 references the Cybersecurity and Infrastructure Security Agency’s (CISA) five pillars of a Zero Trust Cyber Security Framework: Identity, Devices, Networks, Applications and Workloads, and Data.
Specifically, the first pillar, Identity, sets forth that agency staff use enterprise-managed identities to access the applications they use in their work. In addition, using phishing-resistant multi-factor authentication (MFA) protects those personnel from sophisticated online attacks.
One such phishing-resistant MFA solution is typing dynamics. Typing dynamics is a behavioral biometric method that takes into account how a person is using a device — the speed of their typing, how they hold a device, and more — not just whether their password was entered correctly. Benefits of typing dynamics include a better user experience, faster authentication and improved security that keeps hackers at bay.
In short, the president’s strategy places emphasis on stronger enterprise identity and access management controls, including phishing-resistant MFA. Without secure, enterprise-managed identity systems, adversaries can take over user accounts and gain a foothold in an agency to steal data or launch attacks. This strategy sets a new baseline for access controls across the Government that prioritizes defense against sophisticated phishing and directs agencies to consolidate identity systems so that protections and monitoring can be consistently applied. Tightening access controls will require agencies to leverage data from different sources to make intelligent decisions, such as analyzing device and user information to assess the security posture of all activity on agency systems.
As President Biden stated, “Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life.”
Having the government lead by example should inspire U.S.-based businesses to do their part to help protect the American way of life. And that starts with protecting themselves first. Implementing phishing-resistant MFA is a first step to achieving a solid security posture and securing the backbone of America.
Learn more about MFA and typing dynamics from Optimal IdM by downloading your copy of Typing Biometrics and Other Multi-Factor Authentication Methods https://optimalidm.com/resources/blog/typing-biometrics-and-other-multi-factor-authentication-methods.