sb-au logo
Story image

Cybersecurity is a growth accelerator, not a handbrake - experts

05 Aug 2019

Cybersecurity is a growth accelerator not a handbrake on business – that’s one of the key messages from a group of security experts who gathered in Sydney to discuss the state of cybersecurity in Australian businesses.

Aura Information Security hosted the panel, which included Australia country manager Michael Warnock, as well as speakers from AustCyber, Ecosystm, IoTSec Australia, and Telstra.

According to Warnock, organisations that manage their protection requirements successfully can take advantage of major opportunities – but it’s the country’s medium-size businesses that feel the ‘make or break’ impact of cybersecurity the most.

AustCyber CEO Michelle Price notes that organisations are trying to be competitive and grow revenue, but they are also becoming more confused by the growing number of regulatory requirements.

She believes that there is a lack of coordination in the Australian regulatory landscape. Organisations must keep pace with regulation, balance supply chain implications, digitalisation, and workplace disruption. 

The interplay between privacy standards, security standards, regulation, and legislation can also make the landscape more challenging for businesses that export goods.

Ecosystm principal advisor of cybersecurity and incident response Carl Woerndle notes that Australian businesses are leaders and laggards in cyber-readiness and resilience.

Australian firms have been slow to engage with third party advisory firms - one of the accepted measures of cybersecurity maturity in the developed world.

Ecosystm research found that 29% of Australian businesses have done so, compared with the global figure of 5%. Cyber insurance uptake is also low: it stands at 40% in Australia, compared to 64% in the United States.

More than half of the organisations Ecosystm has studied are planning to implement incident response and threat analysis and intelligence solutions this financial year, notes Woerndle.

IoTSec Australia security advisor Ashish Mahajan suggests that regulatory bodies should not be solely responsible for maintaining high standards of cyber protection.

Mahajan suggests that businesses should conduct their own risk assessments, risk analysis, and raise end user awareness to develop a more robust and cyber-resilient community.

Mahajan also notes that Australia is now home to an ecosystem of cybersecurity businesses that can take advantage of the growing threat landscape.

Telstra national cybersecurity advisor Jennifer Stockwell notes that organisations generally considered cybersecurity incursions from a commercial standpoint, but it’s also important to apply a national lens to cybersecurity.

She notes that there are more global attacks with motivations ranging from espionage to sabotage, so it’s essential to understand why threat actors are conducting these attacks. Stockwell suggests that businesses should develop and maintain a picture of the broader geopolitical cyber threat drivers.

Speakers agreed that cybersecurity is everybody’s business. They suggest the following immediate actions:

•    Focus on fixing known vulnerabilities - many vulnerabilities discovered during routine network penetration tests are known, with some having been public for more than a decade. When you consider web-based applications are a key gateway to organisational data, that’s simply not good enough. No Australian business should have known, published vulnerabilities sitting in their networks waiting for a malicious hacker to exploit them.

•    Know the Australian Government’s Essential Eight cyber security risk mitigation strategies, published by the Australian Signals Directorate.

•    Invest in organisational training and raise awareness, including the responsibilities of all staff in managing what is a set of business risks, not IT risks.

•    Add cybersecurity to your overall risk and compliance strategy reviewed regularly top down.

•    Recognise no organisation is immune from a cyber attack, underscoring the importance of cyber resilience.

•    If you’re not sure where to start, engage a trusted third party organisation to perform a security gap analysis on your business.

Story image
App security not keeping up with rapid development — Radware
“With more than 70% of respondents reporting that their production apps have already left the data centre, ensuring the security and integrity of these data and applications is becoming more challenging, particularly in multi-cloud environments.”More
Story image
Malware variants becoming increasingly prevalent, sophisticated and evolved
"The modern threat landscape and ongoing evolution of malware are loud factors pushing every business to understand and identify modern malware threats and the necessary precautions to take to protect against them."More
Story image
Demystifying 'zero trust' and its role in cybersecurity
The principle of ‘zero trust’ in cybersecurity is simple: Trust nothing, and verify everything.More
Story image
As digital transformation grows in A/NZ companies, misconceptions about their role in cloud security abound
While an 81% majority of A/NZ organisations are accelerating their digital transformation, a giant 99% of surveyed respondents say they believe their cloud security provider provides enough protection, according to a Trend Micro study. More
Story image
Check Point uncovers live Linux attack, urges users to take action
“What we have identified is a live and ongoing cyber attack campaign targeting specific Linux users."More
Story image
Aruba ClearPass recognised by independent evaluation program
Aruba’s ClearPass Security Portfolio has recevived the coveted Cyber Catalyst designation, according to a statement from the company. More