Andrew Shikiar, FIDO Alliance Executive Director & CMO 

The US Cybersecurity and Infrastructure Security Agency (CISA),  issued an advisory Thursday recommending cyber attack remedies for election-related activities  including the use of FIDO authentication to thwart phishing  attempts and account takeover. 

The advisory, entitled ACTIONS TO COUNTER EMAIL-BASED ATTACKS ON ELECTION RELATED ENTITIES noted that 78 percent of cyber-espionage incidents are enabled by phishing. CISA makes specific recommendations on protecting against cyber attacks to aid organizations involved in election-related activities.

Among other recommendations, FIDO Authentication was highlighted to thwart phishing attempts and protect against account takeover for cloud email and other high-value services. Specifically, CISA cites FIDO2 Security Keys as a tool that campaigns and organizations can, and should, use to protect themselves. The advisory also recommends that, when available, campaigns and organizations should enroll users in advanced protection services such as Google Advanced Protection, which leverages FIDO Security Keys as a best practice over other 2FA methodologies to protect workforces from account takeovers related to malicious attacks.

FIDO security keys offer protection against phishing attacks by working as a second, physical factor of authentication and only authenticating when a user is on the correct website. Thus, even if a user is tricked into supplying their password to a phishing website, the physical security key will still block attackers from accessing their account. 

Phishing continues to be a problem and remains one of the most popular means by which cybercriminals obtain data. Embracing FIDO technology is smart politics, and smart policy for those who understand the gravity of the cyber threat. As the election draws near, we’re increasingly seeing foreign agents attempting to infiltrate, influence and disrupt our elections.

As the CISA advisory implies, phishing and other cyber attacks are a critical issue with widespread and damaging implications to U.S. national security. The CISA advisory highlights the importance of locking down email systems, which have become a preferred vector for malicious activity. The CISA recommendations are intended as a preferred method for protecting the 2020 and future political campaigns. 


More

EMVCo and FIDO Alliance Provide Essential Guidance on Use of FIDO with EMV 3DS

As leaders in authentication and payments spaces respectively, the FIDO Alliance and EMVCo collaborate to…

Read More →

FIDO Alliance Announces Call for Speakers and Sponsors for FIDO APAC Summit 2024

February 21, 2024 The FIDO Alliance is excited to announce the return of the FIDO…

Read More →

Recap: 2024 Identity, Authentication and the Road Ahead Policy Forum

What’s the state of identity and authentication in 2024? That was the primary topic addressed…

Read More →


12361 Next