As evidenced by the $230 million Cyber Security Strategy launched last April, the Australian government is taking the growing cyber security threat very seriously. A key piece of the government’s national cyber security strategy was updating the Australian Signals Directorate’s Top 4 list of security mitigation strategies deemed essential for government agencies. Building on that Top 4 list, the ASD recently released an updated list of eight security mitigation strategies, dubbed the “Essential Eight.” According to the new ASD guidance: “While no single mitigation strategy is guaranteed to prevent cyber security incidents, ASD recommends organisations implement a package of eight essential strategies as a baseline. This baseline makes it much harder for adversaries to compromise systems.”
Another major piece of the government’s strategy is the creation of 800 new intelligence and cyber roles within the Department of Defence. Unfortunately, Australian government agencies looking to bolster their cyber security forces are facing the same problem faced by organisations worldwide, public sector and private: the shortage of qualified, talented cyber security personnel. According to a survey by the U.S.-based Center for Strategic and International Studies, that shortage is affecting Australia more than most other countries.
So how do government agencies protect their networks and data from cyber attacks in the face of the growing cyber skills shortage? Integration and automation are the keys.
As our networks have evolved and become increasingly complex, this complexity presents ever-growing opportunities for compromise. As new threats have emerged, agencies have purchased a host of different security products, often from different vendors, as part of their overall security infrastructure. All of these products have separate management systems, often with limited connectivity. These interoperability challenges can hamper efforts to share cyber threat information across and between networks and frustrate attempts to respond to threats in a timely manner.
With cyber attacks increasing in frequency, complexity and sophistication, government agencies are under constant attack. In a time when personnel budgets are tight and cybersecurity talent is in short supply, the demands of today’s threat environment put government organisations at a critical point. If they are to keep up with ever more sophisticated cyber attacks in the future, an open, integrated and automated security architecture must be the answer.
An open architecture and a security fabric that ties all your devices together allows security products and systems from different vendors to connect, share information and work as one unified platform. It also gives you end-to-end visibility across all the different components of your security platform, saving you from having to sift through multiple reporting tools and management consoles to try and get a unified view of what is happening in your network. This is why, when government agencies are selecting a new security partner, open architecture and connectivity should be critical components in their decision making.
The other major piece of our optimal security solution for government agencies is orchestration and automation. With the cyber security talent shortage in government and the threats increasing and getting more sophisticated, having the infrastructure and security tools in place to enable quick, automated responses to actionable intelligence, without human intervention, is critical. Automation is the key to increasing security effectiveness, and speed.
This vision of a fully-integrated security platform, with products and systems from different vendors working seamlessly together to provide unprecedented visibility and protection for your increasingly complex and distributed network, is one that Fortinet shares and has long been working toward. It was the inspiration for the Fortinet Security Fabric, and it can take network security to places we’ve only dreamed of before.
Imagine an integrated approach to cyber security that automates the processing and analysis of threat information from many different sources, and can not only quickly identify network security threats but react to them as well. One that could even automate the identification, isolation and analysis of suspicious files within your network. All of this, if done manually, is highly labor-intensive and time-consuming. Such an integrated platform would dramatically improve network security, helping organisations avoid costly, damaging breaches, and do so without adding security headcount. Not only is this achievable, it is the solution that we must pursue if we are to keep ahead of cyber criminals.
Learn about Fortinet at the Canberra Australian Cyber Security Centre conference
Fortinet will be at the Australian Cyber Security Centre conference in Canberra from March 14-16, 2017 to help Australian organisations understand the critical need for enhanced cyber security. Our experts will be on site to address the full range of Australian cyber security issues. Find us at booth 42.