The very fact that critical data and assets are constantly compromised has led the Australian Government to take action to protect the essential services all Australians rely on.
By CyberArk Regional Director ANZ Thomas Fikentscher.
Every day we hear about Australian businesses and critical infrastructures being targeted by cyberattacks, often to a quite staggering degree.
If you’re involved in the food and grocery sector and not aware of the Security Legislation Amendment (Critical Infrastructure) Bill 2020 currently before Parliament, then you should be. Food and grocery is one of 11 new sectors deemed ‘critical’ for Australia that have been added to the Bill, which cites the industry as a key component for the sustainment of life for all Australians.
Critical infrastructure is increasingly becoming the target, with the intent to cause significant supply bottlenecks or disruptions to public safety. The effects can have serious ramifications.
Any attack on critical infrastructure is not only detrimental to an organisation’s brand reputation, but it can have significant impact on the social and economic wellbeing of the country. According to the Australian Food and Grocery Council (AFGC), the food and grocery manufacturing sector makes a substantial contribution to the Australian economy, with an annual turnover in the 2018-19 financial year of $127.1 billion.
What does this mean for your business?
At this stage it’s unclear when the Bill will be passed by Parliament, but when it is, it will enable the Minister for Home Affairs to declare those entities that are integral to the supply chain of food and groceries in Australia to be critical.
Once the Bill is passed, the regulatory burden for critical infrastructure assets may increase, as well as the government’s powers over those assets. A food and grocery asset is deemed critical if it’s a network that is used for the distribution or supply of food or groceries. An asset is also deemed critical if it is owned or operated by an entity that is declared to be a critical supermarket retailer, food wholesaler or grocery wholesaler.
Essentially, relevant food and grocery organisations will need to ensure their own digital, personal and physical systems, as well as those of their suppliers, meet minimum prescribed protective standards.
Start taking action now
The impending Bill serves as a wakeup call for all food and grocery organisations – whether they’re critical infrastructure operators, or third-party suppliers and contractors – to review their cyber security hygiene levels.
Once the Bill is passed, it will be important that businesses comply with the legislation and can prove who has access to their networks and how much control both internal and external users have over systems and data. They must also have visibility across any potential security risks or breaches. This information can then be used by the government to determine whether there are any perceived security loopholes or risks to national security.
Protect the gateway to valuable assets
In today’s hybrid and multi-cloud world, identity is the new perimeter. Any identity – whether customer, remote worker, third-party vendor, device or application – can become privileged under certain conditions, creating an attack path to an organisation’s most valuable assets.
Identity security focuses on securing individual identities throughout the cycle of accessing critical assets. At its foundation is a zero trust – never trust, always verify – approach. This ensures every identity is verified with multi-factor authentication (MFA) and single sign-on (SSO), devices are validated, and access is limited to just what each identity needs. Think of identity security as the ultimate gatekeeper for who gets access to what, where and for how long.
All of these factors help organisations respond to requests for information from the government, because they make it easy to produce detailed audit trails and access histories that demonstrate compliance.
Get your security posture in check
It’s vital for food and grocery organisations to do everything they can to prevent the compromise of critical infrastructure and assets, from both internal and external threat actors.
Not only do organisations risk being penalised by the government for being non-compliant, a compromise can also have a long-term economic and social impact on the country. With the new legislation in Parliament, now is the time to review the security posture of your organisation.
About Thomas Fikentscher
Thomas Fikentscher is the regional director of Australia and New Zealand for CyberArk. Based in Sydney, Thomas is responsible for driving strong customer and partner engagement, while expanding CyberArk’s emerging identity security business in the region. For more information visit: cyberark.com.