Australian Government, Cyber Policy, Essential Eight, MFA

When Will the Australian Government Act on Cyber?

Murray Mills

The Questions We Should Be Asking

As we consider our future security as a country, business ecosystem, critical government services, and citizens, several questions demand attention:

  1. When will the Australian Government mandate a security standard for all businesses? Not just suggestions, but enforceable mandates for security standards, compliance, and reporting, and not just for critical government services.

  2. How many more major security incidents are required? How many more horrific stories of citizens and businesses losing everything will it take?

  3. Are the standards strong enough? Are the recommendations the government makes for our critical services and businesses sufficient to counter the modern threat landscape?

  4. Are our national cyber defences adequate? Do we rely on single companies to do much of the heavy lifting?

  5. Do we communicate effectively? Are we conveying cyber security risks to all our citizens in a way that resonates with their generation?

The MFA Example

It would surprise many, or perhaps some, that I'm not referring solely to the latest security incidents. I'm referring to the constant barrage of security incidents from the past and how the lessons learned seem to fall by the wayside.

We could all agree that multi-factor authentication (MFA) is a basic security standard these days. However, though it's considered one of the most fundamental controls, many businesses and critical services have:

  • Neglected its implementation entirely
  • Only just started getting around to it
  • Implemented it poorly

In my own experience with critical services, I've found 20 examples of well-known companies offering critical services with subpar MFA implementation or simply no MFA implementation at all.

MFA is just one example of how our government's lack of a strong mandate and specific standards for security deployments is increasing our risk as citizens.

It's Not All on the Government

So many companies, boards, and security departments are heading in the right direction, devoting the appropriate amount of time and investment to security, endorsing security strategies, and implementing robust risk frameworks.

But security takes strong leadership. Leadership for nation-based threats and standards starts with our government, which can give businesses and security professionals the mandate to implement the controls that are genuinely needed.

The question remains: when will that mandate come?
