Improving Essential Eight compliance is also important for wider regulatory compliance
With recent cyber-attacks on Australian companies exposing how small weaknesses can be exploited and result in massive repercussions, it is more important than ever to meet ASD Essential Eight compliance for security and data protection.
As organisations face an increasingly complex mix of risk, ransomware and Essential Eight compliance, Secure Agility and Rubrik hosted a lunch and roundtable discussion about the current state of ransomware in Australia.
Attendees discussed risk and compliance regulations, and tactics to ensure business integrity and resilience in the face of attack.
Included was Dovid Clarke, Head of Cyber Security at Sydney Airport, who recently completed a project to uplift the airport’s security and data protection capabilities. He has held security roles in organisations including CBA and NSW Health.
Sydney Airport is Australia’s busiest airport with over 40 million passengers per year. The airport operates in a critical environment and any ICT system downtime adversely impacts the service Sydney Airport offers to its retail customers and thousands of travellers.
Sky is the limit when it comes to ransomware attacks
It is an unfortunate fact that Ransomware attacks are increasing and getting smarter.
Attackers are now targeting backups in addition to primary data stores and cyber-breaches are becoming more pervasive across any industry, regardless of company size and geography.
The attendees agreed this increasing sophistication means legacy backup and recovery products are a liability to your business.
With security and data protection more integrated, Rubrik and Secure Agility ensure organisations are fully secure with maximum protection against hackers and ransomware attacks.
IT leaders need to understand how large organisations are still getting hit and what options they have available to recover immediately without paying the ransom being contemplated.
Sydney airport eyed unified backups and improved security
At Sydney Airport, Dovid and his team had a clear goal to bring together data protection and security to mitigate the ransomware risk.
The goals included simplifying and modernising backups, improving security, and segmenting IT and OT to defeat ransomware.
According to Charlie Tannous, Director of Technology at Secure Agility, the traditional ‘fortification approach’ to security is not enough to protect an organisation from ransomware, and data protection needs to be part of a broader strategy.
“Ransomware thrives on access to data, so organisations must ensure data protection is not in a silo. If you don’t have an end-to-end security and data protection strategy you’re exposed to gaps ransomware, and other malware, can exploit,” Tannous said.
Taking off with zero trust data management
To achieve its modernisation goal, the team at Sydney Airport collaborated with Rubrik and Secure Agility to shore up and protect their data management strategy.
By deploying the Rubrik Zero Trust Data Management framework Sydney Airport immediate gained access to features generally not available in disparate data protection applications.
The advanced features include:
• End-to-end encryption
• Logical air gap
• Secured administrator authentication using multifactor authentication
• Backup data retention compliance locks
In addition, Secure Agility takes the administration load off the internal team with managed services for data protection.
Clarke said improving Essential Eight compliance is also important for wider regulatory compliance.
“By being built-in and out-of-box, Rubrik meets our Essential Eight Level 3 requirements,” Clarke said.
“It will be a cornerstone in empowering Sydney Airport to achieve the highest levels of data security and regulatory compliance.”
Secure, efficient data protection now on autopilot
With a simple, consolidated, and scalable data management platform now in place, Sydney Airport benefits from maximum data immutability, cyber resiliency, and rapid recovery.
The capability to perform efficient backups and disaster recovery with near zero recovery time and point objectives (RTO and RPO) also give the team the option of cloud or off-premises disk backups for long-term retention.
Better data lifecycle management has also delivered improved data governance at Sydney Airport.
Ever wondered how a ransomware attack may unfold across your organisation? Who is affected and how the agendas of each stakeholder can influence the outcome?
Contact us to schedule a free simulation exercise that you will find eye-opening.
“If you don’t have an end-to-end security and data protection strategy you’re exposed to gaps ransomware, and other malware, can exploit,” Charlie Tannous, Secure Agility