SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
The lowdown on Aussie Govt's Cyber Security Strategy
Tue, 26th Apr 2016
FYI, this story is more than a year old

Being connected is now essential, creating new opportunities for innovation and growth for all Australians. A study from the Australian government found that 2 in 3 Australians have a social media account, most spend almost a day every week online while 84% of Australian SMBs are online and one in two receive payments online.

To be competitive, businesses need to be online. But this also brings risks. Australia is increasingly a target for cyber crime and espionage.

In light of this, Malcom Turnbull recently announced Australia's Cyber Security Strategy for the future – in addition to revealing the Bureau of Meteorology suffered a significant cyber intrusion in 2015, while the Department of Parliamentary Services suffered a similar intrusion in recent years.

“The Internet is transforming how we socialise and do business in ways its founders could not have imagined,” Turnbull says. “It is changing how we are entertained and informed, affecting almost every aspect of our lives.

To help boost Australia's defences, the government will be making a significant investment in cyber security – more than $230 million over four years to enhance the country's cyber security capability and deliver new initiatives.

There is no doubt that there is significant change brewing, but what do some of Australia's cyber security professionals think?

Robbie Upcroft, Webroot APAC managing director

"Webroot is strongly encouraged by this announcement but we believe it can go further. It is great to see the Australian government launch an initiative that is going to benefit the whole country.

We are particularly encouraged by the scope of the announcement and believe it adequately covers key areas such as education. The announcement of the children's eSafety commissioner, Alastair MacGibbon, as the new special cyber security advisor to the Prime Minister is a really positive strategic move.

To have even more impact, we would like to see more focus on SMBs. Given the rapidly changing volume and nature of cyber threats impacting this sector, we know that cyber-attacks often lead to outages in SMBs and hurt them far more than larger organisations.

95% of all businesses are SMBs – we would strongly welcome specific action to better support SMBs in the cyber-security landscape.

Sam Ghebranious, CyberArk ANZ regional director

"To be successful at warding off future cyber attacks, Australian government departments and agencies need to design their security strategies from the inside out, taking the view that attackers may have already found their way into the IT infrastructure.

Historically, many government agencies have simply failed when it comes to the basics of passing Security 101, including patching servers, implementing regular system updates, and tightening controls around privileged accounts and administrator credentials.

The bottom line is that powerful, privileged credentials, sometimes termed the ‘keys to the IT kingdom,' must be securely locked down, controlled and continuously monitored. This will limit lateral movement within the network, thereby enabling organisations to contain the attack and lessen damage."

Rob Collins, WatchGuard Technologies APAC technical director

"The admission that the Bureau of Meteorology was compromised is a welcome change to the usual veil of secrecy around breaches of Government networks, especially when there is an expectation that businesses should be forced to admit their breaches.

Acknowledging that cyber security is a problem for Australia won't come as a surprise for the many businesses that have been struck by ransomware and financial fraud attacks that have really ramped up in the last 18 months.

Hopefully, with these announcements and funding for education and establishing best practices, CEOs and CIOs will appreciate the need and budget for robust cyber security initiatives.

IT security professionals understand that cyber warfare can be just as dangerous as a real war, with power stations, water treatment facilities and uranium purification processes all vulnerable to attack."

Leon Fouche, BDO risk advisory partner

"Key to this strategy's effectiveness – and to the protection of all businesses – will be a recognition that cyber security is not just an IT issue but rather a business issue that requires ownership by the C-suite and understanding by all departments.

The strategy's strong focus on collaboration and education also highlights the role every business can play. While the Federal Government is leading and innovating, businesses need to ensure their security practices are robust and up to date, and to better educate and empower employees to use sound online practices.

Organisations should also look at the forthcoming designation of a Minister Assisting the Prime Minister on cyber security and consider how they might assign a similar responsibility to either an executive or management team."

Final words?

“Ultimately, all of us - governments, businesses, communities and individuals—need to tackle cyber security threats to make the most of online opportunities,” Turnbull says. “This Strategy charts a new way forward for Australia's cyber future, one that is creative, collaborative and adaptable.