Share this article on:
Last month, Clare O’Neil, our country’s Minister of Home Affairs, announced the government’s robust plan to strengthen Australia’s cybersecurity resolve. She spoke confidently about six shields of defence against attacks by 2030, with more detailed information to come by the end of the year.
Despite the hope this brings many people and organisations, companies shouldn’t wait for government to come to the rescue; it’s about being proactive, now. There’s plenty that organisations can do to shield themselves from a data breach or other type of cyber event.
From January to June 2023 alone, the Office of the Australian Information Commissioner (OAIC) reported more than 400 notifiable breaches, impacting hundreds of organisations and their partners. It's a stark reminder that in today's interconnected world, the question is not if a breach will occur, but when.
Digital hygiene is the linchpin of an effective cybersecurity strategy. While the technology landscape evolves with ever-new advancements, the essence of cybersecurity remains rooted in safeguarding the basics.
The basics. This is where I might start to lose some people. When it comes to technology and cybersecurity the new and shiny is always so much more exciting. But sadly, it’s those who get distracted by the new and shiny who can leave their defences weakened.
To make sure you have the basics covered, an organisation must actively defend themselves 24/7/365. Threat actors operate ceaselessly, tirelessly probing and attempting to breach a company’s defences. In response, security programs must remain active, dynamic and adaptive to thwart these relentless efforts.
When it comes to digital hygiene, let’s examine three fundamental pillars and explore actionable steps that organisations can take now to fortify their defences for the next twelve months:
1. Vulnerability Management:
Vulnerability management is the cornerstone of any effective cybersecurity strategy. It encompasses an ongoing process that involves identifying, assessing, reporting, managing, and remediating vulnerabilities within an organisation’s defined security policy. This proactive approach empowers organisations to identify potential weaknesses before threat actors can exploit them.
To bolster vulnerability management, organisations should invest in comprehensive vulnerability scanning tools and employ penetration testing to assess their systems for weaknesses. These investments will shine a light on problem areas that can then be remediated; it’s all about visibility. Well defined response protocols can significantly reduce the time it takes to address vulnerabilities, minimising the window of opportunity for cybercriminals.
2. Identity and Access Management:
Identity and access management (IAM) is another crucial component of digital hygiene in cybersecurity. It encompasses a range of practices including, implementing multi-factor authentication, entitlement provisioning, restricting administrative privileges, and performing regular user access reviews. In essence, IAM is about knowing who has access to what within an organisation’s digital ecosystem.
Organisations must prioritise IAM by implementing stringent access controls, regularly reviewing and updating permissions, and ensuring employees have only the level of access required for their roles. Educating employees about the importance of strong authentication practices and the risks associated with unauthorised access is equally vital. IAM not only enhances security but also ensures compliance with data protection regulations.
There are numerous challenges in IAM, and the amount of change to an organisation’s business processes are normally substantial. It’s important to plan this work and execute bite-sized chunks to not overwhelm the business.
3. Asset Management:
Asset management involves knowing as much as you can about an IT asset, including the location, activity, owner, and vulnerabilities of devices within an organisation's network. In the modern workplace, where devices are constantly connected and mobile, understanding the full scope of an organisation's digital assets is no small feat and is a process of continual exploration.
Implementing a robust asset management system is essential. Most organisations have several tools that provide insight into assets. Often the data from these tools can be combined to form a comprehensive view of assets in an IT ecosystem. Processes and protocols should be established for decommissioning and securely disposing of outdated or unused devices to mitigate potential risks.
By fortifying the pillars of vulnerability management, identity and access management, and asset management, organisations will have a baseline level of capability to build their active defence program and proactively thwart cyber threats to safeguard their operations and reputation.
If you need advice on how to actively defend your organisation, contact Slipstream Cyber, Interactive’s specialised cyber service, today.