ChannelLife Australia
Industry insider news for Australia's technology resellers

Why the NDB means privileged access is more important than ever

By Ben Moore
Mon 12 Mar 2018
With the Notifiable Data Breaches (NDB) scheme now in effect, organisations turning over $3 million or more - or any organisation handling health, credit reporting or Tax File Number data - may be feeling less comfortable about their information security.

Having to disclose serious data breaches should be making you feel a little bit nervous. Many breaches that were previously “contained” will now become public. That disclosure, or lack of timely disclosure, could damage or even destroy an organisation’s reputation.

With the NDB scheme, boards and C-level executives are paying more attention to an organisation’s security posture. The fewer breaches they have to disclose, the better. The buck no longer stops with the Chief Information Security Officer. That means more appetite and top-level sponsorship for information protection initiatives.

For most organisations, implementing a Privileged Account Management (PAM) solution will be the quickest, easiest and most effective way to reduce exposure against both internal and external threats. Organisations with existing PAM solutions should also find quick wins by scaling up their defences.

I would even go a step further. With the NDB scheme, having a PAM solution will quickly become an expectation of the general community and the Office of the Australian Information Commissioner (OAIC) responsible for the scheme.

“Reasonable steps” to secure personal information

The NDB scheme requires all organisations covered by the Australian Privacy Act to “take reasonable steps” to ensure the security of personal information. Those that fail to take reasonable steps to stop breaches, or to mitigate the harm they cause, face penalties and the potential for substantial reputational damage.

The OAIC’s Guide to securing personal information details a wide array of security practices. Organisations don’t have to take all possible steps to secure personal information, however, just reasonable ones. They can take into account the time and cost involved – factors the general community and the OAIC may also consider when breaches are notified.

With one solution, PAM implements many of the most effective measures in the OAIC Guide, including password management, multi-factor authentication, control of administrative privileges, limiting access to private information, early detection of a breach, and damage mitigation.

Privileged accounts are often referred to as the “keys to the kingdom”. Many high-profile data breaches have resulted from stolen and weak passwords that initially give hackers a foot in the door, which they then exploit further by gaining access to privileged accounts.

80% of breaches involve privileged accounts

Forrester estimates that 80 percent of data breaches involve privileged accounts that have been compromised or abused. A survey of hackers attending the 2017 Black Hat conference in Las Vegas revealed that compromised privileged accounts and email accounts were the preferred methods for gaining access to sensitive data.

Compromised privileged accounts give attackers elevated permissions, letting them move through an organisation’s network and systems to steal, poison and/or remove critical information. Because the attackers appear to be legitimate users of privileged accounts, they can carry out malicious activities for weeks or months without being detected.

With a PAM solution, organisations can quickly and easily discover all their human and non-human privileged accounts, identify who has access to them, and restrict access on a need-to-use basis. On top of that, they can take control of account passwords, enforce password policies, track password usage to alert them to potential abuse, and automatically trigger a password rotation based on an adverse event.

All of this is transparent to users, who no longer have direct access to account passwords and instead log in through the PAM solution via multi-factor authentication. Without knowing passwords, users cannot lose them through social engineering attacks. Instead of having to remember multiple account passwords, they have one easy and secure access method to do their jobs. This improves user productivity, reduces the burden on support staff, and saves organisations money.

Privileged Account Management now expected

Reinforcing the effectiveness of this approach, the Australian Signals Directorate (ASD) ranks PAM amongst its Top Four strategies to mitigate targeted cyber intrusions in the Australian Government Information Security Manual (ISM). A recent audit by the federal Auditor-General criticised key federal agencies that failed to effectively implement the Top Four, which are a mandatory requirement for those handling sensitive data.

The NSW Auditor-General was also critical of state government agencies in its recent Report on Internal Controls & Governance 2017, finding that 68% of agencies did not adequately manage privileged access to their systems, exposing personal data to potential misuse.

With agencies under sustained pressure to protect personal information, PAM is becoming the norm in federal government, with state agencies now following its lead. With the NDB scheme, other organisations covered by the Privacy Act will also be forced to follow suit.

Given the effectiveness and maturity of today’s solutions, with productivity benefits far outweighing their cost, PAM is almost the definition of a “reasonable step” organisations should take to secure personal information. With the NDB scheme, it will also become something that boards, senior executives, the OAIC and the general public come to expect.

Article by Thycotic APAC Regional Director Andrew McAllister

Andrew McAllister is responsible for the market strategy for the region and delivering end-to-end Privileged Account Management solutions to customers via a network of channel partners managed by master distributor, emt Distribution.
