While the proactivity of Australia's government around IT security has led the world, a security expert has warned, ever-fiercer attacks will force more aggressive corporate governance monitoring and government intervention to protect areas such as critical infrastructure and the Internet of Things (IoT).
The growing interdependence of such technologies would necessitate top-down scrutiny and controls, LogicNow security lead Ian Trump told CSO Australia, citing because “there are situations the government has to intervene because it puts life and limb at risk.”
US legislators recently began considering a slew of controls over automobile security in the wake of concerns about the high-profile hack of a Jeep Cherokee's control systems while driving – which led to a recall of 1.4m vehicles – and a more recent demonstration showed how a Corvette could be stopped in its tracks by sending it a simple text message.
Attackers had shown great resourcefulness in exploiting even the smallest vulnerabilities, Trump said, and greater internetworking among common devices was going to create new opportunities for mischief.
Increasingly connected home appliances were likely to prove tempting: an Internet-connected dishwasher, for example, might be hacked to stop it from draining – thereby flooding the property in which it was located. Were this to happen and the owners found to not have kept security patches for the device up to date, litigation would likely ensue.
“The public are beginning to understand that there are intrinsic risks for IT systems,” he said. “When you have issues like that, litigation and insurance matters become very expensive – and the litigative landscape towards IT is going to get very hostile.”
Government intervention in conventional enterprise security – in the form of the 35 Australian Signals Directorate (ASD) Strategies to Mitigate Targeted Cyber Intrusions and the top 4 strategies said to help eliminate 85 percent of security risks – had caught the attention of comparable bodies worldwide, Trump said, and would likely help inform future efforts around IoT, infrastructure and other security.
“Australia right now is a really interesting place,” he said. “The climate for cyber security here is very good, and a lot of people are paying attention to that globally. The government is serious about cyber security because they see it as part of being globally competitive. It's really exciting to be in a place that takes it seriously.”
Government mandates weren't the only way to tighten security controls in vulnerable ecosystems, however: managed service providers (MSPs) were also positioned to play an increasing role in providing security services.
This would be through the implementation of hosted platforms that simplify the compliance process for security-related tasks such as automatic device monitoring and patching. “MSPs are looking for more growth opportunities, and have a desire to move upmarket and take on even bigger and more complex customers,” Trump said.
“They're interested in going after healthcare, legal, accounting and other firms where fiduciary responsibility to protect data is higher. They need to build that layered defence, and patching will be part of that. It's great that vendors are scrambling to patch systems after Hacking Team zero-days, for example, but if those patches aren't being deployed, businesses are unprotected.”
Want to know more?
Why not become a CSO member and subscribe to CSO's mailing list.
Get newsletters, updates, events and more right here