Security Against the Invisible Enemy — Preparing for the Mandatory Notifiable Data Breach Scheme Part 2

In our last blog we learned what potential impact the Mandatory Notifiable Data Breach Scheme and the EU’s GDPR will have on the Australian market. But what’s next for organisations and what will be the potential challenges?

Security is more than IT

One challenge that internal IT teams are already facing is that data security and management can no longer be perceived as purely an IT issue. Security should, as far as possible, be an integral part of all systems from the outset, rather than something applied in retrospect. The growing rate of successful cybercrime cases highlights the essential role of network-level security as the first layer of defence for today’s connected organisations. Until the huge number of currently deployed legacy systems can be redesigned with inherent data protection, such security measures may be their only defence against data breaches. In addition, as new vulnerabilities are discovered, the security technology or data protection practices considered compliant today may need to be updated or changed to remain compliant in the future. Organisations will need mechanisms in place to ensure their efforts keep pace with the latest changes in technology and threats.

Network security challenges

Keeping pace with the evolving threat landscape is a challenge even without the increase in compliance requirements stipulated within NDB and GDPR. The enormous revenue from cybercrime funds a level of resource and innovation aimed at improving attacks that can be hard for any individual company, or even a national government, to match. Part of the problem comes from the way cyber security has evolved, with the discovery of each new attack vector spawning yet another security solution to be added. Although each such addition may fulfil its role as intended, it does so mostly in isolation, with little or no interaction with the rest of the security infrastructure. The result is not only hard to manage, but can easily lead to gaps and inconsistencies in the response to new threats – especially across a multi-vendor environment that requires manual correlation of data between isolated management consoles.

The challenge is compounded by the adoption of trends such as mobility, multi-cloud, and the Internet of Things, all of which expand the effective attack surface, expose networks to new vulnerabilities, and erode the traditional concept of a network border.

One response to new threats is to add more processing and controls, but this can soon lead to unacceptable chaos and delay. Additional processing also adds complexity, multiplying the number of data points to be aggregated and interpreted when evaluating the best response to any detected event. Any solution will not only need to overcome these challenges, but also continually adapt to changes in the usage of technology as well as in the evolving threat landscape.

Reporting time of breaches

Australia’s NDB requires organisations to evaluate and report incidents within 30 days. Even more worryingly, GDPR legislation – which affects any Australian company with EU customers or partners – requires notification within 72 hours. The first challenge to both the NDB and GDPR’s breach notification requirements is to detect when a qualifying breach has taken place and then determine which assets might be at risk within these specified timeframes. Shortening the time to detection is imperative to meet these requirements, but it is also increasingly essential in its own right, since the financial impact of a breach correlates strongly with the length of time the attacker has undetected access to the network.

Since it is clearly impossible to detect the undetectable, security administrators should accept and prepare for the inevitable intrusions, while striving to minimise such occurrences and hasten their detection through every means possible. Even if a specific attack profile has not been encountered before, that does not necessarily render it undetectable. With the right combination of distributed traffic analysis and threat intelligence, combined with technologies such as sandboxing, previously unseen attacks can still be detected and blocked. The bigger challenge for such advanced detection techniques is to distinguish the relevant signals from all the other noise.

The traditional approach to network security of having multiple isolated solutions report to, and then rely on, the decision-making abilities of a single human administrator, is rapidly becoming untenable. As both network complexity and the frequency of security events increase, a degree of collaboration and intelligent automation across the security infrastructure is essential in order to respond to sophisticated threats at digital speeds.

Conclusion

While data privacy compliance is not something that can be achieved through technology alone, the provisioning of state-of-the-art network security is clearly an essential first step. To reduce exposure to the potentially crippling implications of a serious data breach, it is necessary to minimise both the number of network intrusions and the time to detection. Rather than overwhelming the network and IT staff with even more isolated security devices, a new approach to security – in which all key components of the security infrastructure are woven together into a seamless fabric that allows them to see each other, share and correlate intelligence, and respond to threats in a coordinated fashion – is the best way forward.

Want to know more about the data breach notification laws and how to best negotiate them? Visit Fortinet’s Data Breach Notification page for whitepapers and other resources to help you turn this new legislation into greater organisational support for cybersecurity.