Lead Machine Pink 160x1200

Lead Machine Pink 160x1200

iTWire TV 705x108

Thursday, 28 October 2021 12:35

Governments are finally warming to address cybersecurity challenges

By Jim Cook
Jim Cook, ANZ Regional Director at Attivo Networks Jim Cook, ANZ Regional Director at Attivo Networks

GUEST OPINION by Jim Cook, ANZ Regional Director, Attivo Networks:  Attacks against public and private sector assets reached a crescendo in 2021, and moves are now underway to stem the tide more permanently.

Cybersecurity is on the government radar and addressing it has finally become a top priority. It has taken a lot – potentially even too many – successful attacks over the years to reach this point.

Increasingly, governments themselves are targets: Australia found itself in the sights of a “sophisticated state-based cyber actor” in mid-2020. The attacks increased in frequency over the following months. Another attack hit parliamentary systems in March this year.

All of which is to say that governments – in Australia and abroad – are under no illusions of the threats and risks they face.

But they are also responding to the threats.

Governments have warmed to the idea of taking meaningful action:

  • Enacting legislation
  • Exerting political and economic pressure
  • Re-examining its vulnerabilities
  • Identifying ways to address them

Australia, US make legal moves

The Australian government has a heightened legislative interest in cybersecurity. It is seeking to expand the number of sectors deemed to be critical infrastructure providers and require these organisations to disclose attacks expediently and accept government assistance on incident response.

In addition, it has created a ransomware action plan that could result in mandatory reporting of ransomware encounters. It would levy criminal offences and penalties for those caught distributing the malware or seeking to profit from it.

Some observers see Australia as a leader in pursuing more advanced cybersecurity legislation, particularly compared to some of its ‘Five Eyes’ alliance partners - the United States, United Kingdom, New Zealand, and Canada.

However, these, and other jurisdictions and administrations, are starting to catch up.

In the US, for instance, there are currently more than a dozen pieces of federal cybersecurity legislation in various states of consideration. Not all these bills are necessarily good, and most will never see the light of day. Still, it is encouraging to note that cybersecurity issues are gaining traction within the highest levels of government.

There is bipartisan support for regulating industries more stringently to report breaches and share information for the first time. Stopping 100% of attacks will never be a realistic possibility. However, more reliable incident reporting and sharing of indicators of compromise and adversary tactics, techniques and procedures represent steps in the right direction.

The new US administration has also shown an increased willingness to pressure nation-states supporting these large-scale attacks. Countries like Russia, Iran, and North Korea are already under substantial political and economic pressure.

The US is in a prime position to offer both the carrot and the stick by lifting or strengthening its economic sanctions but needs the support of other countries for a coordinated and united response, which it is now receiving.

Extra billions

The US has also played a key role in extracting billions of dollars of commitments from ‘big tech’ companies that will go towards security system enhancements and training. The billions of extra dollars in backing for cybersecurity shows the gravity of the situation currently facing governments and organisations worldwide and the resolve of all interested parties to come together to quell attacks and regain an upper hand.

The substantive nature of some of these actions has caught the attention of observers and threat actors alike.

It’s also the persistence of the efforts: cybersecurity has never commanded this kind of time or resource commitment. There are few signs that the current scrutiny will be allowed to trail off, and attackers will again be left to their own devices and tools to attack organisations indiscriminately and with impunity.

Chasing better cyber hygiene

Outside of legislation and policy, more robust cyber hygiene in government and its chosen partners and the industries it regulates is also essential.

Hygiene is about more than using strong passwords and installing updates promptly. Identity security must be a part of the broader definition, and agencies must manage their pool of permissions more effectively. Attackers have realised that once they breach perimeter defenses, many networks lack the in-network protections to promptly detect and derail their activities.

When attackers are free to move laterally throughout a network with minimal fear of detection, they can look for valuable information and assets to steal, increasing the potential damage. Worse, it allows them to escalate their attacks by targeting Active Directory, potentially compromising administrator-level identities, and effectively seizing the keys to the castle, which happens all too often.

Active Directory and identity services are essential to the function of today’s network and cloud environments and protecting them must be a part of basic cyber hygiene.


Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinatrs and campaigns and assassistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments