Focus on three pillars to succeed in cyber security: Interactive

By

Unlock Cyber Security Success: Focus on Three Core Pillars Now!

Focusing on a few core pillars rather than a wide range of security domains is key to a successful cyber security program, according to leading Australian IT services provider Interactive.

Focus on three pillars to succeed in cyber security: Interactive

Interactive chief information security officer Fred Thiele, who has run security programs for a small company and a large government agency as well as Interactive, said addressing the three pillars of asset and data management, vulnerability management and identity management could “take care” of a large portion of the issues covered by regulatory compliance or cyber security frameworks.

“If you look at these frameworks, there are about 20 pieces or components you could follow,” Thiele said. 

To address the three pillars, cyber security leaders needed to implement a discovery process spanning their environment, the type of data they had and how they collected, stored and classified it. This process ran hand-in-hand with asset management. 

The second piece was vulnerability management and “while this had been around since the dawn of time, it was something very few people get right,” said Thiele.

A review of annual reports showed companies were being compromised in a number of ways. “There is the social engineering aspect which is all about training and awareness, but there are also quite a lot of cases in which a hacker got into an environment, through a vulnerability, with a weaponised exploit,” said Thiele. “In these cases, if only the company had patched the vulnerability, they wouldn’t have experienced a problem.

Shifting from protecting endpoints to protecting identities

Identity management is the third pillar and according to Thiele, comes from a shift away from protecting endpoints to protecting identities. However, the problem has emerged that many identities have excessive privileges assigned to them, which increases the potential damage to the organisation if even a low-level identity is breached.

Businesses can minimise identity risk in three ways, said Thiele. The first is to be consistent about the way they evaluate identities in their environment, with every identity authenticated back to a role-based access control matrix. The second is to understand the user context, and Thiele cites the example of a worker being allowed to log in from a foreign destination when that may not be appropriate from a security perspective. The third is continuously evaluating access privileges and making changes in accordance with changes to a person’s status or circumstances within the business.

“If we did asset and data management, vulnerability management and identity management correctly, a large number of our issues would go away,” Thiele concluded.

Read the State of Security report here: 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

IoT and AI data revolution: 40+ experts to lay out how organisations can accelerate productivity and sustainability at IoT Impact in Sydney

IoT and AI data revolution: 40+ experts to lay out how organisations can accelerate productivity and sustainability at IoT Impact in Sydney

SASE can reduce vendor sprawl, minimise costs and enhance network security

SASE can reduce vendor sprawl, minimise costs and enhance network security

AI is a force multiplier in the fight against cybercriminals

AI is a force multiplier in the fight against cybercriminals

Securing your identity in the clouds

Securing your identity in the clouds

Log In

  |  Forgot your password?