SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Cybersecurity is a growth accelerator, not a handbrake - experts
Mon, 5th Aug 2019

Cybersecurity is a growth accelerator, not a handbrake on business – that's one of the key messages from a group of security experts who gathered in Sydney to discuss the state of cybersecurity in Australian businesses.

Aura Information Security hosted the panel, which included Australia country manager Michael Warnock, as well as speakers from AustCyber, Ecosystm, IoTSec Australia, and Telstra.

According to Warnock, organisations that manage their protection requirements successfully can take advantage of major opportunities – but it's the country's medium-size businesses that feel the 'make or break' impact of cybersecurity the most.

AustCyber CEO Michelle Price notes that organisations are trying to be competitive and grow revenue, but they are also becoming more confused by the growing number of regulatory requirements.

She believes that there is a lack of coordination in the Australian regulatory landscape. Organisations must keep pace with regulation while balancing supply chain implications, digitalisation, and workplace disruption.

The interplay between privacy standards, security standards, regulation, and legislation can also make the landscape more challenging for businesses that export goods.

Ecosystm principal advisor of cybersecurity and incident response Carl Woerndle notes that Australian businesses are both leaders and laggards in cyber-readiness and resilience.

Australian firms have been slow to engage with third-party advisory firms - one of the accepted measures of cybersecurity maturity in the developed world.

Ecosystm research found that 29% of Australian businesses have done so, compared with the global figure of 5%. Cyber insurance uptake is also low: it stands at 40% in Australia, compared to 64% in the United States.

More than half of the organisations Ecosystm has studied are planning to implement incident response and threat analysis and intelligence solutions this financial year, notes Woerndle.

IoTSec Australia security advisor Ashish Mahajan suggests that regulatory bodies should not be solely responsible for maintaining high standards of cyber protection.

Mahajan suggests that businesses should conduct their own risk assessments and risk analysis, and raise end-user awareness, to develop a more robust and cyber-resilient community.

Mahajan also notes that Australia is now home to an ecosystem of cybersecurity businesses that can take advantage of the growing threat landscape.

Telstra national cybersecurity advisor Jennifer Stockwell notes that organisations generally consider cybersecurity incursions from a commercial standpoint, but it's also important to apply a national lens to cybersecurity.

She notes that there are more global attacks with motivations ranging from espionage to sabotage, so it's essential to understand why threat actors are conducting these attacks. Stockwell suggests that businesses should develop and maintain a picture of the broader geopolitical cyber threat drivers.

Speakers agreed that cybersecurity is everybody's business. They suggest the following immediate actions:

•    Focus on fixing known vulnerabilities - many vulnerabilities discovered during routine network penetration tests are known, with some having been public for more than a decade. When you consider web-based applications are a key gateway to organisational data, that's simply not good enough. No Australian business should have known, published vulnerabilities sitting in their networks waiting for a malicious hacker to exploit them.

•    Know the Australian Government's Essential Eight cyber security risk mitigation strategies, published by the Australian Signals Directorate.

•    Invest in organisational training and raise awareness, including the responsibilities of all staff in managing what is a set of business risks, not IT risks.

•    Add cybersecurity to your overall risk and compliance strategy, reviewed regularly from the top down.

•    Recognise no organisation is immune from a cyber attack, underscoring the importance of cyber resilience.

•    If you're not sure where to start, engage a trusted third-party organisation to perform a security gap analysis on your business.