Dan is a 20-year veteran of the ICT industry working for global and local vendors in bringing new and innovative technologies to market in the ANZ region. During his career, Dan has been passionate about bringing a local voice and insights to global technology challenges. As the Editor of GetCyberResilient.com, Dan casts a keen eye across the hot topics, trends and pulse of local security practitioners to curate stories from near and far that are most impactful in addressing our evolving risks.
In the wake of increasing cybersecurity incidents across Australia, Canberra plans to invest A$1.35 billion over the next 10 years to fortify the country’s cybersecurity defences.
A few weeks ago, the government announced that government organisations at all levels, political bodies, essential service providers and operators of critical infrastructure were seeing a sharp rise in malicious cyber activity. Cybercrime is a growing national threat that most Australian organisations are still underprepared to handle.
In my view, the government’s plan to strengthen cybersecurity is an incremental response to a radical problem. Obviously, it’s good to hear that the government understands the challenge and is taking steps to address it, but the problem goes far beyond just technology, and so must its solution.
All countries face enormous challenges when it comes to cyber defence, and Australia is arguably among the top countries in cybersecurity worldwide. But even after a decade of incremental reforms, most government agencies are still making do with only baseline cybersecurity measures. The ASD has identified four key cybersecurity strategy areas (analysis, systems architecture, operations and testing) but these are only part of the skills needed to build a well-rounded cyber defence. Add to that the chronic skills shortage and universities that struggle to train people at advanced levels, and we have a long way to go before we can realise our national cybersecurity goals. The good news is, we can expect a booming demand for cybersecurity professionals, so if you’re thinking about getting into the industry, there’s no time like the present! However, talent is just part of the picture. The bigger issue is organisational culture and how organisations approach cybersecurity.
Aside from the government mandating the bare minimum standards for cybersecurity, we need an overhaul of standard cybersecurity practices in our organisations. Australian organisations, whether government or private, need to make cybersecurity a central part of their business and operational planning. That means an overhaul of business planning, operations and management practices from the ground up to make sure security stays watertight end-to-end. Given that human error is our biggest vulnerability, cultivating a cyber-aware culture is one of the most important things we can do to secure our organisations.
Arguably, this is harder to do than just bolting high-tech cyber tools on top of our existing processes. But the pay-off is tremendous: cultivating cyber awareness will do more for our collective cybersecurity posture (and at a much lower cost) than all the technology in the world.
And when we say people, that means everyone across the organisation. From CEOs and department heads to front-line services and everyone in between, regular cyber awareness training should be mandated for anyone who works with digital technology. Cyber evaluations, testing and training need to be part of every worker’s role.
If we obsess about the technology and only pay lip-service to building a culture of cyber-awareness, Australia’s cybersecurity posture will remain fragmented, inadequate and vulnerable. People, processes and technology need to work together to make the dream of a cyber-resilient Australia come to life.