Adapting to new cybersecurity challenges: a roadmap for Australian government agencies

Given the rise in cyber threats against government networks and critical infrastructure sectors, a modern identity security strategy is crucial to protect classified data.

As cybersecurity threats evolve at an unprecedented rate, Australian government agencies face a pressing need to reassess and fortify their identity security posture. With recent trends indicating an escalation in sophisticated cyber threats with the potential to impact government networks and critical infrastructure, the urgency to act must not be ignored.

The changing cybersecurity landscape

The Australian cybersecurity landscape is witnessing an alarming rise in targeted attacks. The ASD Cyber Threat Report (July 2022–June 2023) highlights a 23% increase in cybercrime reports with an average of one report every six minutes, reflecting the complex volume of threats that government agencies must navigate.

Equally pressing, the Australian Government is once again ranked as a top five industry in terms of data breaches. According to the February 2024 OAIC data breach report, human error was the main cause for placing top five after nearly three years. The report highlights the risk of outsourcing personal information to external parties as a contributor to the uptick in data breaches.

All this begs the question: what can government agencies do to prevent insider threats, including simple mistakes and human error? How can agencies granularly understand and control access and identity governance for all third parties?

Identity governance plays a pivotal role in modernising cybersecurity strategies. Agile AI-driven identity security can help organisations prevent, pause and sound the alarm bells on unusual behaviour as it happens. This fundamental shift in perspective, from securing systems and locations to securing individuals, marks a departure from traditional cybersecurity approaches.

By adopting a ‘least privilege’ approach, granting individuals only the access rights they need to perform their tasks, organisations eliminate unnecessary access rights and reduce potential damage from compromised accounts or human error. Combined with a robust identity and cybersecurity strategy, Australian government agencies can reduce and remediate human error issues faster and with the same number of resources (or fewer).

However, SailPoint’s State of Identity Security in ANZ report reveals gaps in organisational preparedness, underscoring the need for a more robust identity security framework. Many organisations have been slow to adopt comprehensive identity security measures, with nearly one-third of respondents noting ‘justifying a budget to upgrade identity solutions’ as the most commonly mentioned hurdle. This hesitancy leaves them vulnerable to attacks and compliance lapses, with potentially severe consequences.

Aligning with Australia’s cybersecurity strategy

Australian government agencies must prioritise the implementation of proactive and sophisticated identity governance strategies. By doing so, they can not only mitigate the risk of exposure to emerging threats, but also ensure they are aligned and comply with national cybersecurity measures and objectives outlined in the Australian Cyber Security Strategy.

The Australian Cyber Security Strategy 2023–2030 outlines ambitious goals to safeguard national interests and become a world leader in cybersecurity. Central to this strategy are the ‘six shields’, as noted in the plan: strong businesses and citizens, world-class threat sharing and blocking, protected critical infrastructure, sovereign capabilities, and resilient region and global leadership. Government agencies must align their cybersecurity measures with these objectives, with identity governance being an integral component.

Advanced identity solutions for enhanced protection

Given the rise in cyber threats against government networks and critical infrastructure sectors, a modern identity security strategy is crucial to protect classified data.

Advanced identity solutions, leveraging AI and machine learning are crucial in enhancing cybersecurity, reducing operational costs and ensuring compliance. The evolution towards true SaaS, multitenant solutions offer scalability, predictive analytics and real-time monitoring, enhancing the government’s ability to anticipate and respond to threats.

Last year, the Department of Customer Service NSW (DCS) announced its move from on-premise, self-hosted software to a SaaS-based solution. Consolidation as well as improved scalability, reliability and enhanced capabilities were reported as the driver of the decision to migrate to a SaaS-based model and enable DCS to “evolve the digital delivery of leading government services to the people of NSW”, according to their spokesperson.

By implementing autonomous identity security solutions, Australian government agencies can reduce complexity and human error, eliminate up to 90% of manual identity security tasks, and meet regulatory and compliance standards, while ensuring stronger security controls for the organisation. AI-driven identity security can accelerate organisational change by as much as 30% through quicker integration of identities, applications, data and infrastructure.

Standards in cybersecurity assessments

IRAP assessment, aligned with the Australian Signals Directorate (ASD) and Information Security Manual (ISM) standards, is also essential for government departments choosing service providers. This certification provides Australian government agencies with the confidence that the platform excels in managing identity security across cloud environments, reinforcing its capability to automate and securely manage user access across their IT environments, protect critical infrastructure and meet stringent regulatory compliance requirements.

As cyber threats continue to evolve, aligning cybersecurity strategies with national objectives has never been more crucial. Government entities must take proactive steps to modernise their identity security posture, ensuring they are well equipped to navigate the challenges of the digital landscape.

*Nam Lam is the regional leader for Australia & New Zealand at Sailpoint. With over 18 years of IT and IT security industry experience, Nam is passionate about bringing positive change through providing a superior customer experience at all interactions.

Top image credit: iStock.com/da-kuk