Too much of a good thing: Australia's cyber overlap issue


By Tim Hartman*
Friday, 12 July, 2024



With cybersecurity legislative reforms underway and fresh measures confirmed in the recent federal Budget, Australia is making good on its commitment to become one of the most cybersecure nations in the world by 2030.

But recent research indicates many organisations may have too many security systems with overlapping functions in place, creating inefficiencies, the likelihood of false positives and, worst of all, the risk of missed events that signify data breaches or security incidents.

Technology systems tend to expand organically over time and this phenomenon is no different in the realm of cybersecurity. But for SecOps teams, this can mean they’re inundated with data and intelligence on a rising number of potential events or threats, creating fatigue and the risk of something critical being missed in the noise.

Australia’s cybersecurity industry has also grown into a behemoth, with organisations expected to spend AU$7.3 billion on information security and risk management products and services in 2024, an 11.5% rise on last year.

We can benefit from directing some of that investment to consolidating solutions where it makes sense, and to mapping organisations’ security stacks to the regulations, standards and policies appropriate for the assets and data under their protection.

This will vary considerably depending on the specific industry — critical infrastructure providers, for example, would look to the recently updated Security of Critical Infrastructure (SOCI) Act and the relevant controls under the Australian Signals Directorate’s (ASD) Information Security Manual (ISM). Government agencies can look to different levels under the government’s Essential Eight maturity model, for which all are now required to meet Level Two.

Different organisations will align to different measures, but all will at the very least need real-time visibility over who and what connects to their network, as well as real indicators on where their vulnerabilities may lie.

Leveraging the core network services of DNS, DHCP and IP address management (DDI) can help to identify assets that need to be protected and provide up-to-date threat intelligence to defend against threats from the deep, dark corners of the web that other solutions might miss.

This is particularly important considering that 92% of malicious domains can be blocked using the DNS, and protective DNS as well as proactive DNS detection and response (DNSDR) can play the all-important role of first line of defence, stopping threats before they occur.

The asset data delivered by these core network services provides invaluable context from a security perspective and can assist in streamlining other tools. Protective DNS and DNSDR can also see and stop critical threats that other approaches might miss, demonstrating how looking beyond traditional security measures is an important step towards a holistic approach.

Further, for all federal, state and territory government entities that perform critical services for Australians, the Australian Cyber Security Centre (ACSC) has even made its protective DNS system, AUPDNS, available at no cost.

Beyond these entities, the Australian Signals Directorate (ASD) provides guidelines for small and medium businesses, large enterprises and government agencies on DNS security, as well as mitigation strategies to reduce the risk of DNS subversion or compromise.

The sheer volume of information required to track where users and IoT devices want to go in today’s digital world makes automated DNS query and response logging the most practical tool and a Swiss Army Knife for real-time threat analysis and forensics.

Educate to evolve

The importance of education in this discussion shouldn’t be underestimated either. Optimal cybersecurity is not a destination, but a constantly changing environment that needs continuous education, training and innovation to succeed.

This is why initiatives such as the government’s Small Business Cyber Resilience Service program — which aims to build in-house cyber capability and provide cybersecurity training to more than 50,000 people — and the recently announced $38.2 million injection into a range of STEM programs are vital.

Australia’s tech and cyber industries should also support this education drive by providing free training courses where appropriate for customers, partners and other stakeholders to raise our collective cyber defences.

With responsive, resilient network and DNS protection in place, rationalised security environments mapped to the appropriate regulations, standards and policies, and greater education and training from government and industry, Australia could be in pole position to lead the world on defining a mature, holistic and efficient cybersecurity posture.

*Tim Hartman is Australia and New Zealand head of solution architecture for networking and security company Infoblox.



  • All content Copyright © 2024 Westwick-Farrow Pty Ltd