Interactive, a leading Australian IT services provider, emphasizes that a focused approach to three key areas (asset and data management, vulnerability management, and identity management) is essential for effective cyber security. Fred Thiele, Interactive’s chief information security officer, suggests that concentrating on these areas could address many issues mandated by cyber security regulations and frameworks.
Thiele explains that while cyber security frameworks typically comprise around 20 components, homing in on these three can substantially cover most security needs. The first step involves a thorough discovery process in which businesses must understand what data they have and how it is collected, stored, and managed. This is closely linked to managing physical and digital assets effectively.
The next focus is on vulnerability management. Thiele notes that despite its long-standing presence in the security field, it’s a challenging area where many falter. He points to various breaches highlighted in annual reports, where vulnerabilities were exploited due to an inadequate response to known security flaws. Effective vulnerability management could prevent many such cyber-attacks.
Finally, Thiele emphasizes the shift from endpoint protection to identity management. He warns that many system users often have more access privileges than necessary, increasing the risk of significant breaches from even minor internal threats. Companies can reduce such risks by ensuring that all user access is thoroughly vetted and aligned with each user’s specific role and responsibilities. Regular reviews and adjustments of access rights, especially when an employee’s role changes, are critical for maintaining security integrity.
By focusing on these three pillars, Thiele believes companies can greatly enhance their cyber security stance, making them less susceptible to breaches and more compliant with security standards.