The Australian Notifiable Data Breach (NDB) scheme, which took effect on February 22, 2018, dramatically increases the penalties for failing to properly protect users’ personal data. The maximum fines that can be leveraged against an organisation could be as much as $1.8 million dollars.
Every organisation should closely examine what personally identifiable information (PII) it collects or otherwise handles.
Does any of this data belong to an Australian citizen? If so, the company should determine whether it is using that data for the purposes it originally intended, and whether it must continue collecting or storing that information. If the answers to these questions are yes, then the organisation needs to understand where it stores individuals’ personal data, how it protects that data, and how that information moves among corporate systems, as well as how the information is transferred to third parties.
How can you address key data protection requirements of NDB?
To effectively protect your systems your organisation requires security architecture that is tightly integrated and includes state-of-the-art systems providing the following six key capabilities:
Next Generation Firewalls. The first line of defence against intrusions targeting personally identifiable information (PII) is a Next Generation Firewall (NGFW) Some of the capabilities most relevant to organisations affected by NDB include:
- Multilayered security that uses advanced threat prevention to protect the entire attack surface
- High-performance security processor (SPU) for application-layer services that protect a corporate network while detecting data breaches hidden in SSL traffic via the industry’s fastest SSL inspection engine
- Single-pane-of-glass visibility and management for simplified deployment and consistent security policy controls
- Segmentation of network traffic, which minimises the breadth and depth of intrusions and minimises the attacker’s opportunity to access protected data
Fortinet FortiGate NGFWs are the perfect solution for protecting a network against intrusions and preventing data breaches, and they have garnered industry-wide recognition.
Endpoint Security. If firewalls are the first line of defence, endpoint security solutions need to be the second barrier. Companies will require the ability to stop data breaches from occurring, and moreover to meet NDB reporting requirements in the event of a breach. The Fortinet FortiClient solution enhances an organisation’s ability to achieve this. Relevant capabilities include:
- Stopping attacks and preventing their intrusion obviates data breaches long before they
- Clear visibility into security on endpoints throughout the company, as well as visibility into any vulnerabilities detected across the organization’s attack surface
Fortinet FortiClient has garnered industry recognition, including a 2017 “Recommended” rating from NSS Labs for Advanced Endpoint Protection solutions.
Email Gateway Security. Email security is crucial; a recent report found that two-thirds of malware was installed this way. Companies trying to secure their networks and data against cyber-attacks, a secure email gateway (SEG) is a must-have. A sophisticated SEG, FortiMail from Fortinet blocks ransomware, phishing, and other threats to PII using:
- Multilayered antispam technology that uses more than 12 sender, protocol, and content inspection techniques
- Anti-malware capabilities that combine static and dynamic technologies, including signature, heuristic, and behavioural techniques
- A robust set of data protection capabilities, including data loss prevention, email encryption, and email archiving technologies
Fortinet FortiMail is recognized for its superb threat detection efficacy.
Web Application Security. Hackers may use sophisticated techniques, such as SQL injection, cross-site scripting, buffer overflows, and cookie poisoning, to turn web applications into an access gateway. Protecting PII against these threats requires a multilayered approach to web application security. Some of the key ways in which FortiWeb web application firewalls enable organisations to protect against malicious intrusions include:
- Multiple layers of technology that identify threats through techniques such as IP reputation analysis, DDoS protection, protocol validation, examination of attack signatures, antivirus, and data loss prevention capabilities. Once again, stopping intrusions before they occur eliminates the possibility of data breaches
- A behavior-based detection engine that intelligently identifies any threats that stray from typical patterns of web traffic. This is particularly important in identifying unknown threats
- Native integration into the Fortinet Security Fabric that enables regular updates on emerging threats and the ability to share information about any exploits they detect
Fortinet FortiWeb also received a “Recommended” rating from NSS Labs in its 2017 Web Application Firewall Test
Comprehensive Management and Reporting. In 2016, cyber attackers who successfully entered a corporate network had on average,107 days to wreak havoc before the intrusion was detected. Reducing the length of time an intruder can explore the network limits their opportunity to initiate a data breach. To effectively shrink a prospective criminal’s window of opportunity, an organisation must ensure that all its security devices are performing at all times.
For this purpose, Fortinet offers a suite of products for security solution management—FortiManager, FortiAnalyzer, FortiSIEM, and FortiCloud—which, when combined, centralise the management of security devices across the network. Some of their core capabilities include: Streamlined visibility into security policy and device management.
- Streamlined visibility into security policy and device management. FortiManager enables network and security operations staff to initiate and synchronise a coordinated response to detected threats, and to manage security policies across all Fortinet devices and third-party solutions that are part of the Fortinet Security Fabric
- Centralised visibility into log and event data from security solutions companywide. FortiAnalyzer automatically retrieves and scans security logs, notifying the IT security team via dashboards and alerts anytime they detect a sign of compromise. Once again, rapid incident response is critical to NDB
- Analytics technology that aggregates and cross-correlates information from diverse sources, such as logs, performance metrics, and SNMP traps. FortiSIEM dynamically auto-discovers physical and virtual systems attached to the network and pulls information about these systems’ configurations into a centralized management database (CMDB). By cross-correlating performance, event, and log data in real time, FortiSIEM provides a holistic view of threats across the organisation’s entire attack surface
- Visibility into security systems from anywhere in the world. FortiCloud provides a web-based console that can be used to centrally control, and even deploy, all Fortinet Security Fabric devices
Secure Access Layer. The number and types of devices connecting to corporate networks continue to grow exponentially. Further, users want fast Wi-Fi, but organisations must also secure wireless access to their networks in order to minimise the chance of an intrusion and subsequent data breach. Fortinet Secure Access solutions include the ability to:
- Centralise identity management and user identification. FortiAuthenticator utilises a range of user identification methods to ensure that devices connecting to the corporate network receive only the appropriate role-based access privileges
- Secure access switches for an added layer of security. FortiSwitch products use device detection, DHCP snooping, and syslog collection that augment intrusion prevention and data protection within FortiGate NGFWs
- Solutions in the FortiToken line generate OATH-compliant, time-based one-time password (TOTP) tokens, an affordable second factor for companies moving to two-factor authentication. This enables organisations to ensure that only those who are authorised have access to specific applications
One of the most important steps an IT security director can take in preparation for a potential security breach is to evaluate the level of integration among the security systems the company has in place. Many companies run a hodgepodge of security technologies, each of which performs a specific function within the security infrastructure. The problem is that these systems are not designed to work together. When technologies don’t communicate, the IT team has a silo-based view of threats and lacks transparency across the entirety of the attack surface. Having to aggregate data across systems takes time, and gaps can occur in the analysis. In such an environment, hackers may be able to exploit the gaps in visibility between systems. And if a data breach is detected, scattered data and systems amplify the difficulty of determining whether the breach meets NDB reporting criteria. For all of these reasons, companies need an IT security infrastructure in which systems share threat information and deliver transparent visibility in real time.
Scope Logic are Security Leaders who can assist your business manage the evolving world of system security, complete the following survey to go into a competition to win a System Health Check, Consultation and Vulnerability Assessment Program valued at over $3,500.00.