[adning id=”12070″]

[adning id=”12070″]

$3.1b Cyber wake-up call: Australian govt beefs up online security

Over the last few weeks, the Australian government has made big strides in further bolstering its digital security posture by enacting major cybersecurity measures. Australia has a goal to be a global leader in cybersecurity by 2030, and these recent measures are making impactful steps toward reaching this mission. First, the government announced that myGov – a simple and secure way for citizens to access government services online in one place – will transition to be fully passwordless, including introducing phishing-resistant multi-factor authentication (MFA) options like passkeys to sign into accounts.

myGov’s move toward adopting passkeys follows recent experiences facing breaches due to stolen login credentials from phishing attacks. Just this year, 4,500 successful breaches have resulted in $3.1 billion in losses – which led to thousands of myGov accounts being suspended to proactively thwart new breaches.

Additionally, in November the Australian Government released its Australian Cyber Security Strategy 2023-2030 which will impact government, critical infrastructure, citizens, and public servants working in the departments tied to myGov – as well as citizens accessing government services online. In November the Australian Government also released an update to the Maturity Model for the Essential Eight, in which phishing-resistant MFA is among the eight mitigation strategies.

Yubico applauds these efforts by the Australian government towards prioritising phishing-resistance and significantly raising the security bar for the country and its citizens. Following these announcements, we can expect more aggressive moves in the coming months led by the federal government to adopt passkeys as phishing-resistant MFA.

Impact of recent Australian government cybersecurity legislation

The updated Essential 8 framework includes MFA requirements which have been bolstered to require the use of phishing-resistant MFA by organisations at a lower maturity level. Previously required at Maturity Level One, phishing-resistance is now required from Maturity Level One through Maturity Level Three (more information on maturity level guidance here). This framework, which is supported by the recently released Cyber Security Strategy, should be the guide organisations use to assess their cyber posture.


These updates were made in response to a few driving forces: increasing MFA adoption and implementation of international FIDO2/WebAuthn standards, the rise of attacks against weaker MFA implementations (i.e. those susceptible to real-time phishing attacks or social engineering attacks), and cyber policy changes being made by Australian Signals Directorate’s (ASD) international partners. MFA requirements have been bolstered to require the use of phishing-resistant MFA by organisations at a lower maturity level. This impacts Maturity Level Two.

Finally, a requirement has been added for users to authenticate to their workstations using a form of phishing-resistant MFA (e.g. Smart Cards and security keys). This change impacts Maturity Level Two and Maturity Level Three.

Overall, these changes are welcome and raise the bar for organisations to adopt modern phishing-resistant MFA at scale, and represent a significant shift in the Australian market towards adoption of passkeys. We look forward to additional measures by the Australian government in the coming years to keep their citizens more secure from increasing cyber attacks like phishing.

Moves towards phishing-resistance globally

The proposed uplift in cyber security posture across Australian government, business and consumers is an extremely positive step for the country, but also reflects similar moves we’re seeing unfold in other countries around the world.

The U.S. government has been emphasising the importance of using only phishing-resistant MFA for over the past few years. Following the White House Executive Order 14028 focused on the public sector and all companies that work with federal agencies, in early 2022 the OMB Memo M-22-09 issued guidance on implementing phishing-resistant MFA as part of deploying Zero Trust Architecture and software supply chain security. Then, in early 2023 the government announced a National Cybersecurity Strategy which aims to shift responsibility of cybersecurity burden from individuals to “organisations that are most capable and best-positioned to reduce risks for all of us.”

Meanwhile, we’ve seen big steps throughout Europe in the form of the recent NIS2 Directive – a new piece of European Union (EU)-wide legislation aimed at improving the region’s cybersecurity.

Recently, we also saw the EU take a big step with a revision of the EU common identity framework regulation – also known as eIDAS 2.0 – in which EU Member States will all soon implement a new common structure for electronic credentials based on digital identity wallets, including support for FIDO-based authentication. Over 250 private companies and government authorities across 25 EU Member States and Norway, Iceland, and Ukraine are participating in four large scale pilots to develop the underlying technology and test real-life use cases across the EU.


Leave a Reply

Your email address will not be published. Required fields are marked *


Get breaking news delivered
This field is for validation purposes and should be left unchanged.


Austrade Approved Business Events
AVAILABLE NOW APPLY BEFORE 30th MARCH 2021 (Condition apply)

  • ABF Events are approved and listed below have been certified by Austrade on the Schedule of Approved Business Events.
  • This allows exhibitors, sponsors, delegates and partners to participate in the Business Events Grant Program. Note event bookings need to be confirmed ASAP to participate in the grant program
  • The program provides 50% rebate (based on a minimum spend of $20k) for approved items including ABF event-media packages, exhibition stands, corporate function tables, delegate registrations.
  • Govt Grant applications are now open until the 30 March. Please contact ABF to discuss how we can assist, we have experts to assist grant applications.
  • Grant funding will cover up to 50% of eligible expenditure incurred in participating at pre-approved business-to-business events as buyers or sellers during the 2021 calendar year.  All grant applications must be submitted for approval via the following link: https://business.gov.au/grants-and-programs/business-events-grants
  • For further information please see this fact sheet.
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?