When we think of Cybersecurity, we often think of the United States and other nation-state threat actors, such as those of China, Russia, North Korea, etc. We often don’t think about the other players, such as those in the European Union (EU), the African continent, or even the Pacific Rim nations. It is the latter that this blog is about.
Starting in 2020, Australia made some serious headway in improving its overall lines of defense by investing well over $1 Billion into its Cybersecurity posture. This was officially called the “Cybersecurity Strategy 2020”. But despite this huge effort, more security breaches have occurred in the Land Down Under than had been anticipated.
For example, in its Cyber Threat Report 2022-2023, there were 58 incidents that were classified as an “Extensive Compromise”, and there were also well over 190 other incidents that were classified as “Isolated Compromises”. This report can be seen at the link below:
https://www.darkreading.com/cybersecurity-operations/missing-cybersecurity-mark-with-essential-eight
In response to these alarming stats, the Australian Government updated one of its newer frameworks, which is called the “Essential Eight Maturity Model”. More information about this can also be seen at the link below:
https://www.infosecassure.com.au/post/essential-eight-changes-july-2021
While it has been claimed that this framework provides excellent guidance on such areas as patching, backups, and application control, it is severely lacking in other areas, especially those of SaaS based applications and Identity and Access Management. Another sharp criticism of it has been in the area of the Cloud. It does not specifically address how best to deal with security issues in this regard; rather, it focuses only on those risks that are posed to an On Prem Infrastructure.
In fact, there is only one area of this entire framework that really addresses how to better protect online accounts. So what can be done to improve this very important framework? Here are some key areas that need to be addressed:
1) Configuration Management:
When one thinks of this, the image of changes in builds to software applications often comes to mind. But Configuration Management goes far beyond this. It should address everything that happens within the infrastructure of a business, all the way from the servers to physical access entry scenarios. Anything and everything that relates to the IT and Network Infrastructure, and any changes that are going to happen to them, has to be addressed here, at this level.
2) Identity and Access Management:
This was just examined earlier in this blog. With a lot of businesses now going to the Cloud, establishing the appropriate levels of permissions for the appropriate job titles is now a must. But it has to go beyond this. The framework also has to take into account what is known as “Role Based Access Control”, or “RBAC” for short. This is where the rights, permissions, and privileges are also assigned based upon the roles that employees perform in their particular jobs.
3) Third Party Applications:
Given the explosion of the IoT and everything digital, third-party mobile apps and just apps in general are becoming extremely popular. While it is important to give your employees access to what they need to make them productive, you also have to make sure that your business does not succumb to the risks of what is called “Shadow IT”. This is where your employees download unauthorized apps onto their work devices for the sake of ease of use, familiarity, and comfort.
4) The Right Controls:
Pretty much all employees, whether hybrid, On Prem, or remote, now access shared resources in the Cloud. Therefore, the right controls need to be put into place to make sure that these critical assets are protected the best that they can be. Also, regular audits need to be conducted on these controls in order to make sure that they are still optimal. If not, they will have to be replaced and/or upgraded.
My Thoughts On This:
Even here in the United States, we have many government and even private sector-based entities that have come out with these kinds of frameworks. The most notable ones are from the NIST and CISA. But in order to keep these frameworks updated to the best degree possible, it will literally “Take A Village” to make it all happen. In other words, feedback and input have to be provided at all levels, and the upgraded frameworks have to be tested on a regular basis.