Data Privacy Day: CyberArk stresses identity-centric cybersecurity
In light of the upcoming Data Privacy Day, Andrew Slavkovic, Solutions Engineering Director for ANZ at CyberArk, emphasises the critical need for Australian organisations to adopt a proactive stance in safeguarding sensitive data beyond merely complying with regulatory standards.
Data Privacy Day serves as a timely reminder of the evolving landscape of data protection. Slavkovic points out that with the proposed changes to the Privacy Act, Australia is moving in the right direction. However, he stresses that mere compliance with regulations is not sufficient. "It is imperative for organisations to go beyond regulatory compliance and proactively safeguard sensitive data," Slavkovic asserts.
The urgency of this matter is underscored by the increasing volume of data collected and stored by organisations. Slavkovic observes, "Organisations are now collecting and storing more data than ever." He predicts that this trend will only continue to escalate as organisations increasingly invest in AI initiatives in 2024.
A concerning practice highlighted by Slavkovic is the dependency of organisations on third parties for data protection, often without thorough verification of their data protection measures. "There is often a lack of understanding on who can access the data and of even more concern the business impact if it were to be compromised," he notes. This trend underscores the potential vulnerabilities in the current approaches to data privacy and security.
In response to these challenges, Slavkovic advocates for a robust and comprehensive cybersecurity strategy, with a particular emphasis on identity security. "Identity security is paramount to a zero-trust security mindset," he explains. According to Slavkovic, this involves a perpetual process of verification, where abnormal activities by any identity are immediately challenged in real time by applying security controls to validate actions.
The process starts with understanding how an identity accesses information and the value of that data. "After this, we can start to apply the appropriate level of security controls," Slavkovic says. This approach enables the establishment of a pattern of usual behaviour, allowing for any deviation to be promptly challenged in real time.
Slavkovic's perspective reflects a growing consensus in the cybersecurity field: data privacy and safety extend beyond mere compliance. "Ultimately, data privacy and safety goes beyond compliance – it's about a holistic approach to cybersecurity, with identity at its core," he concludes.
As Data Privacy Day approaches, Slavkovic's insights offer a crucial blueprint for organisations to rethink and reinforce their cybersecurity strategies. In an era where data breaches are increasingly common and the volume of data continues to grow, the emphasis on identity-centric cybersecurity could not be more timely or vital.