Australia is making significant strides in fortifying its cybersecurity defenses, with recent government initiatives aimed at achieving global leadership in the field by 2030. Notably, the myGov platform, a centralized hub for accessing government services online, is set to become fully passwordless, incorporating phishing-resistant multi-factor authentication (MFA) options like passkeys.
This move follows a surge in successful breaches this year, resulting in substantial financial losses and the suspension of thousands of myGov accounts to proactively combat potential threats. The emphasis on passkeys and phishing-resistant MFA aligns with the Australian Government’s broader cybersecurity strategy outlined in the recently released Australian Cyber Security Strategy 2023-2030.
Yubico, a prominent player in the cybersecurity space, commends the Australian government’s commitment to prioritizing phishing resistance, anticipating more assertive measures in the coming months. The updated Essential Eight framework, integral to assessing cyber posture, now mandates the use of phishing-resistant MFA across lower maturity levels, reflecting a substantial shift in the cybersecurity landscape.
The changes are driven by factors such as increasing MFA adoption, international FIDO2/WebAuthn standards implementation, and evolving cyber policies from the Australian Signals Directorate’s international partners. Importantly, users are now required to authenticate workstations using phishing-resistant MFA, impacting maturity levels two and three.
These cybersecurity enhancements in Australia echo similar global trends. The U.S. government has been advocating for phishing-resistant MFA, aligning with the Zero Trust Architecture and national cybersecurity strategies. Europe is also witnessing substantial developments, with the NIS2 Directive and the revision of the EU common identity framework, highlighting a global shift towards heightened cybersecurity measures.
As Australia takes progressive steps to secure its citizens against cyber threats like phishing, these initiatives contribute to a larger global narrative where nations are increasingly recognizing the necessity of modern, phishing-resistant MFA strategies for enhanced digital security. The concerted efforts by governments worldwide signal a collective commitment to safeguarding individuals and organizations in an ever-evolving digital landscape.