The Australian Notifiable Data Breaches Scheme: Are You Prepared to Comply?

February 14, 2018

This month, the Essential 8 turns one year old, and it’s not an accident that its first anniversary will coincide with the launch of the mandatory data breach notification law in Australia, the Notifiable Data Breaches scheme (NDB scheme). These two acts underscore Australia’s efforts to lift its cyber-security game – but is your organization ready to comply?

What is the Australian Notifiable Data Breaches Scheme and who does it apply to?

The NDB scheme of the Privacy Act of 1988 obliges organizations to notify individuals whose personal information has been involved in a data breach that could result in serious harm. The Act calls these “eligible data breaches.” All Australian organizations – government, commercial, not for profit and others with an annual turnover of $3 million or more – must be prepared to conduct an assessment of a suspected breach to determine whether it’s likely to result in serious harm.

Proactive Controls Mitigate Risks

The best way to protect your organisation from the repercussions of a public breach notification is to prevent the breach from happening, or stop the intruders before they cause real damage. Easier said than done, for certain.

Consider a typical attack chain and where its weakest links are. The most common pathway for outside attackers, for example, starts with exploiting the perimeter in some way: taking advantage of asset vulnerabilities, phishing, or other social engineering-type attacks. Next, the attacker hijacks and exploits privileges or passwords in order to move to the final step – lateral movement and their ultimate goal – your customers’ private data.

Shrinking the Attack Surface

Overcoming the weak links in the attack chain involves a multi-layered approach to data protection and security, including:

  • Closing perimeter vulnerabilities and gaps through constant scanning, correlation of risks and prioritization
  • Eliminating credential sharing for the highly privileged accounts used by administrators and power users
  • Restricting user administrator privileges and monitoring behaviour
  • Monitoring and auditing privileged user sessions and protected files

Adopting the “Essential 8” Mitigation Strategies Recommended by the ASD is a Good Start

The Australian Signals Directorate has identified eight of the most important controls organizations can put in place to mitigate cyber security risks, such as data breaches. This common-sense framework enforces the basics and addresses the weak points in the attack chain noted above, including:

  • Application allow listing
  • Patching applications
  • Restricting administrator privileges
  • Patching operating systems
  • Disabling untrusted Microsoft Office macros
  • Hardening user applications
  • Implementing multi-factor authentication
  • Backing up important data daily

Accomplishing this feat doesn’t have to be gruelling or expensive, or require several vendors. In fact, BeyondTrust’s privileged access management and vulnerability management solutions – unified by a central console – address seven of the eight ASD strategies, including all “Top 4.”

Are you ready for the enforcement of the NDB scheme? Start by comparing your cyber security practices against the ASD Essential Eight. Download our report today and learn how.

Scott Lang

Sr. Director, Product Marketing at BeyondTrust

Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.
