Intelligent CIO APAC Issue 32 - Page 46

CIO OPINION methods , auditors need the technical acumen and mindset to reward companies for finding better security methods , not stifle them .
3 . Engage more with industry . The organizations facing daily attacks are the front-line experts on what works and what doesn ’ t . Regulatory agencies need to create ways for private sector leaders to share battle-won expertise and best practices . Otherwise , the agencies will likely focus on the things they know they can control : forcing companies to check compliance boxes rather than thinking meaningfully about what they are trying to protect against , and taking the steps needed to help safeguard themselves and their customers .
4 . Embrace automation . When it comes to promoting cybersecurity at scale , automation is essential . There is no human-based process sufficient for organizations the size of a Medibank or Optus to identify and remediate vulnerabilities and misconfigurations quickly enough to prevent massive damage . And yet , many in regulated industries such as financial services and healthcare , must still document their processes for tracking who signed off on a particular change to its software . Given how quickly bad actors can exploit new vulnerabilities , companies have replaced slow-moving manual ticketing for fixes with automated systems , applying approaches like infrastructure as code that can update applications and infrastructure in minutes or less . The regulatory requirements have to keep up with this new reality and challenge software and hardware vendors to improve the security capabilities they provide .
5 . Move faster . Every industry wants its regulators to keep up with the times and hopes for a constructive rather than a confrontational relationship . But when it comes to cybersecurity , speed and collaboration are mandatory . Software development methods evolve too fast , and the cost of falling behind is too high for the typical pace of governmental action . The average cost of a data breach in Australia is now US $ 4.35 million – climbing 12.7 % since 2020 .
Updating cybersecurity regulations is necessary to make the world a safer place but will also bring many other benefits . A fast , modern , automated approach to compliance will help unleash the full power of the cloud economy . Smart rules requiring adoption of current best practices would make Australian companies more secure and free them to innovate more rapidly and boldly , while keeping consumers and the society safe . p
46 INTELLIGENTCIO APAC www . intelligentcio . com