Story image

BlackBerry think tank report delves into Australia's state of security

07 Mar 17

A new think tank report by BlackBerry says that Australia’s cyber risk is changing all the way down to infrastructure and even to the people behind it.

With digital attacks increasing and the potential price tag reaching around $2 billion per year, the report aimed to find out the varied challenges we face in the future and how to develop better risk management strategies. 

The report, titled ’Is your organisation ready for a crisis? The future of security in Australia’, drew on opinions from Australia’s top executives, including Former US Ambassador to Australia; Jeffrey Bleich, John Durbridge, head of campus security at Macquarie University; Jetstar CIO Claudine Ogilvie, Craig Davies, CEO of Australian Cybersecurity Growth Network; and Rex Stevenson, former Director General for the Australian Secret Intelligence Service.

The first major challenge is how government and private enterprise come together to collaborate. The foundation is there, but the next steps need to be taken, says BlackBerry’s VP of Government Solutions, Sinisha Patkovic.

“There are some considerable challenges in bringing government and private enterprises together when it comes to cybersecurity. Everyone has a slightly different expectation and view about what a nationally coordinated approach would look like. Fortunately, I think Australia already has a lot of the right foundations in place for such collaboration, it’s now about taking the next steps,” he says.

According to the report, the next steps could be about educating Australians about cyber protection, improving dialogue between government and enterprise, particularly breach reporting, better government transparency about emerging and likely cyber attacks, and closer collaborations between private organisations themselves.

Organisations are also facing a rapid scramble to arm themselves against attacks and protect their networks, the support says.

“At times it really does feel like an arms race. The better we get at finding countermeasures, those countermeasures then become a training ground for adversaries to find better exploits. As a company, you need be methodical about removing classes of threats completely. Keeping focused on the root cause is very important,” comments Dr Liming Zhu, CSIRO’s research director of Software and Computational Systems.

The report also talks about ‘script kiddies’, hackers who use off-the-shelf DDoS products to bring down organisations. While most participants weren’t specifically concerned by these attacks, it does show that organisations must be vigilant.

Participants were also concerned about IoT security, but those connections can also better protect cities.

“The notion that people think differently in the virtual and physical world is a fiction. We need to observe human nature and apply this to both spheres, where we are now operating simultaneously,” Bleich comments.

The human factor is also addressed in the report.

“Unless security is driven from the very top of the organisation, you’re not going to get any real change. The CEO needs to get behind it and push it, otherwise all of your effort trying to change the rest of the organisation is lost. You need the commitment right through the organisation, but it needs to start with the most senior executives,” Stevenson says.

The think tank came up with four ways that the ‘human element’ to security can be overcome: Educate and test employee adherence to security strategy; design strategies for the people, not the product; and maintain awareness of how behaviour patterns shift over time. 

Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.