Dan is a 20-year veteran of the ICT industry, working for global and local vendors in bringing new and innovative technologies to market in the ANZ region. During his career, Dan has been passionate about bringing a local voice and insights to global technology challenges. As the Editor of GetCyberResilient.com, Dan casts a keen eye across the hot topics, trends and pulse of local security practitioners to curate stories from near and far that are most impactful in addressing our evolving risks.
The five key pillars of Australia’s 2020 Cyber Security Strategy
The cybersecurity industry has been advocating for a much more substantial level of attention and investment in Australia’s cyber defences for quite some time.
With threats rising and Australian business generally ill-equipped to handle cyber risks, strengthening our collective cyber resilience is crucial. But adoption has been slow. Businesses have been reluctant to invest in cybersecurity because its output is intangible and difficult to tie directly to ROI.
The recent data breach of Western Australia’s coronavirus management system is a strong example of what can happen when end-to-end security and privacy are not invested in sufficiently or proactively. The importance of cybersecurity goes well beyond the performance of our national technology infrastructure. It’s about our absolute dependence on critical infrastructure, businesses keeping their doors open and the livelihood of our citizens.
That’s why, for us in the cybersecurity industry, it’s been heartening to see the Industry Advisory Panel (IAP) report on Australia’s 2020 Cyber Security Strategy. The government is actively encouraging both the public and private sectors to build resilience and take security more seriously than they have to date. The Panel’s recommendations lay the groundwork for building robust and adaptable defences that can keep up with evolving technologies and threats.
The framework the IAP suggests is based on five key pillars:
- Deterrence: deterring malicious actors from targeting Australia
- Prevention: preventing people and sectors in Australia from being compromised online
- Detection: identifying and responding quickly to cybersecurity threats
- Resilience: minimising the impact of cybersecurity incidents
- Investment: investing in essential cybersecurity enablers
I think the ‘Deterrence’ pillar is particularly relevant. It calls for the establishment of clear consequences for those targeting businesses and Australians. We need clear policies around data jurisdictions and accountabilities. It’s time to start enforcing best practice standards with substantial penalties around internet behaviour and cybersecurity, for example the ‘Essential Eight’, email authentication, policy and reporting protocols, and public data storage.
The ‘Prevention’ pillar calls for Australians to be supported with advice on how to practise safe behaviours at home and work. Awareness training is the antidote to human error, which is the single biggest cause of cyber breaches. As we move more online, we need to continue to educate businesses and citizens on the risks as well as the productivity gains that come from going digital.
Sharing of real-time threat information, as outlined in the ‘Detection’ pillar, is critical to blocking threats early. Having the right information on hand enables us to deal with threats before they become a major problem – particularly as 90% of attacks begin with email.
As for the ‘Resilience’ pillar, the threat of malicious cyber activity is now part of our daily lives. We need to accept that and be prepared for it. When cyber disruption occurs, businesses need to be able to continue working and bounce back to standard operating procedures as soon as possible. Designing processes and organisations to be resilient is the key to keeping our critical infrastructure up and running even through an attack.
There’s an obvious link between this report and the current shift in the global geopolitical landscape. To ensure security, we need technology and business solutions that are hosted onshore and owned by companies in the “Five Eyes” community. That way, we’ll know where our data is and who’s handling it. Australian businesses need to consider local investment in services, capability and cybersecurity skills. It’s in their own best interests to rely on homegrown Australian services, as opposed to trusting some overseas provider with their confidential data.
Even though Australia is ahead of many countries in terms of skills and technology, we still have a lot of work ahead of us if we want to build a digitally secure future. This report does a great job of laying out a roadmap to that future.