
The Mandarin


Partner Content


Privileged access an urgent fix in government cyber priorities

By CyberArk

Friday June 26, 2020

When Australia’s Prime Minister Scott Morrison fronted a hastily convened media pack on a cold midwinter Canberra morning on the 19th June, it became clear in seconds that Australia’s national cyber security alert level had just shifted up a gear.

Flanked by Defence Minister Senator Linda Reynolds, Morrison revealed that the Australian Cyber Security Centre was in the process of battening down the nation’s IT security hatches, not just for the federal government but states, councils, industry and academia.

It was a message that sent an immediate chill down the spine of decision makers charged with signing off on organisational cyber security settings. What had sometimes been relegated to a compliance issue just became discomfortingly real, especially around threat mitigation.

The message from the very top was clear. Late passes and extensions just won’t cut it anymore. Get secured – or get rumbled.

Cyber uplift just got real

Leading cyber security solution providers acknowledge there is work to be done across both the technology industry and government to rise to the elevated security challenge.

Thomas Fikentscher, regional director ANZ for cyber security leader CyberArk, believes renewed commitments by both the federal government and states like New South Wales, which has earmarked $240 million over four years to boost cyber security capability, are timely and valuable.

“Providers and government must work together to defeat threats,” Fikentscher says. “Education and understanding are key, so we’re keen to help demystify cyber and make key concepts accessible across government. We’re putting real resources into that.”

Australia’s “go-to” cybersecurity benchmark for government organisations and critical infrastructure remains the Australian Signals Directorate’s ‘Essential Eight’, developed specifically to harden systems against malicious intrusion and compromise.

While it is roundly accepted that the Essential Eight are a necessary and effective security framework, actually achieving compliance is a lot harder than it sounds, almost certainly one of the reasons why the executive arm of government has gone on the front foot to raise awareness.

Nobody realistically expects agencies to publicly disclose their vulnerabilities or weak spots, but, at a broad level, evidence highlighting the urgent need for improvement is clear and compelling.

Behind the Essential Eight ball

In May 2020, the Australian National Audit Office released a report that probed 18 agencies – including Defence, Services Australia, Home Affairs and Tax – as to how their human resources and financials software rated against the Essential Eight maturity index.

The stand-out in the ANAO’s assessment of maturity of agency mitigation strategies was the need to “restrict administrative privileges” – or limiting the number of users and accounts with scaled-up access, like systems administrators or other users with high levels of technical authority.

Out of the 18 agencies assessed by the ANAO, eight were found to be non-compliant with the requirement to restrict privileged access, a figure that urgently needs to change.

Why privileged access management matters more than ever

As the Australian Cyber Security Centre (ACSC) prudently observes in its outline of the Essential Eight, privileged accounts – especially for administrators of networks, applications, cloud accounts and data holdings – remain a bullseye target for malicious actors. Why? Because attackers seek to abuse privileged access in order to get to what they really want. To meet this challenge, the use of privileged access management (PAM) allows attacks that compromise privileged credentials to be contained.

By proactively managing and rotating high-value ‘privileged’ credentials and limiting user access to only the information and tools needed to perform their immediate role, an attacker’s route to critical data and assets can be contained, reducing their ability to exfiltrate information or disrupt operations.

“Admin accounts are the ‘keys to the kingdom’. Adversaries use these accounts to gain full access to information and systems,” the ACSC cautions.

That risk is increasing as malicious actors – both nation state and criminal – look to sophisticated and highly personalised attacks like phishing to trick well-meaning staff into exposing their access credentials.

These collaborative times

Limiting privileged access has become critically important in the context of the worldwide push to work from home, coupled with the need for once-discrete organisations to collaborate for a common good.

The National Cabinet and its sub-groups around transport, logistics and social services are just a few examples of how once-disparate organisations have urgently come together.

In times of crisis, authorised access to some and the unimpeded flow of secure data need to run smoothly between banks, supermarkets, hospitals, transport providers and governments – aside from the Commonwealth, Australia has eight state and territory regimes, not to mention hundreds of councils.

So far, governments have pulled together to create a highly effective response to control COVID-19, but what’s less discussed is that the sheer size of the attack surface now available to malicious actors has increased exponentially, making intrusion attempts a matter of when rather than if.

This in many ways doubles the need for and utility of PAM solutions, especially when they can accelerate authorised access as well as tightly controlling it, eliminating the need for fudges like poor passcode management.

Used judiciously, a good PAM solution can turn information security into a productivity-boosting operational strength as opposed to a constantly shifting compliance cost centre.

“As public sector organisations go cloud first and embrace persistent development through approaches like DevOps, privileged access management becomes paramount,” Fikentscher says.

“There’s no magic bullet, but explaining how and why rock-solid solutions work is part of the journey. CyberArk is up for that conversation, no matter how big the department or small the council.”
