Thomas Fikentscher
The fact that critical data and assets are constantly being compromised has led the Australian government to take steps to protect the essential services that all Australians rely on.
From CyberArk regional director ANZ Thomas Fikentscher.
Every day we hear of cyber attacks on Australian companies and critical infrastructure, often at terrifying levels.
If you are in the food and grocery sector and you are not aware of the 2020 draft law amending safety legislation (critical infrastructure) currently in parliament, you should do so. Food and groceries are one of 11 new sectors that are considered “critical” for Australia and have been included in the bill, citing the sector as a key component in sustaining the lives of all Australians.
Critical infrastructures are increasingly being targeted to cause significant supply bottlenecks or disruptions to public safety. The effects can be serious.
Any attack on critical infrastructure not only damages a brand's reputation, but can also have a significant impact on the country's social and economic well-being. According to the Australian Food and Grocery Council (AFGC), the food and grocery manufacturing sector is a major contributor to the Australian economy, with annual sales of $ 127.1 billion in FY 2018/19.
What does this mean for your company?
At this point it is unclear when the bill will be passed by Parliament, but if it does, it will allow the Home Secretary to declare as critical those entities that are integrated into the food and grocery supply chain in Australia.
Once the bill is passed, the regulatory burden on critical infrastructure assets and the government's powers over these assets may increase. A food and grocery value is considered critical when it comes to a network that is used for the distribution or delivery of food or groceries. Also if the asset is owned or operated by a company that is classified as a critical supermarket retailer, grocery wholesaler, or grocery wholesaler.
Essentially, relevant food and food companies must ensure that their own digital, personal and physical systems, as well as those of their suppliers, meet the prescribed minimum protection standards.
Start acting now
The upcoming law serves as a wake-up call for all food and grocery businesses – whether they are critical infrastructure operators or third party vendors and contractors – to review their cybersecurity sanitation.
Once passed, it is important that companies comply with this proposed legislation and demonstrate who has access to their networks and how much control both internal and external users have over systems and data. They also need to be aware of any potential security risks or breaches. This information can then be used by the government to determine if security breaches or threats to national security are being perceived.
Protect the gateway to valuable assets
In today's hybrid and multi-cloud world, identity is the new perimeter. Any identity – whether customer, remote worker, third party, device, or application – can be privileged under certain conditions, creating a pathway to attack a company's most valuable assets.
Identity security focuses on securing individual identities throughout the access cycle to critical assets. Its foundation is a Zero Trust – Never Trust, Always Verify – approach. This ensures that every identity is verified with multi-factor authentication (MFA) and single sign-on (SSO), devices are validated and access is limited to the bare minimum. Think of identity security as the ultimate gatekeeper who controls who has access to what, where and for how long.
All of these factors help government requests for information by easily creating detailed audit trails and access histories to demonstrate compliance.
Get a grip on your security status
It is vital for food and food companies to do everything possible to prevent internal and external threat actors from compromising critical infrastructure and assets.
Not only do companies risk government penalties, but they can also have long-term economic and social ramifications for the country. With the new legislation in Parliament, now is the time to review the security situation of your organization.
About Thomas Fikentscher
Thomas Fikentscher is the Regional Director for Australia and New Zealand for CyberArk. Thomas is based in Sydney and is responsible for driving strong customer and partner engagements while growing CyberArk's burgeoning identity security business in the region. For more information, please visit: cyberark.com.