SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Video: 10 Minute IT Jams - An update from Secureworks

Mon, 30th May 2022
FYI, this story is more than a year old

Cybersecurity risks are rising.

That's the clear warning from Ian Bancroft and Dimi Giorgio, two senior leaders at Secureworks, who recently spoke on the mounting risks and opportunities in the cybersecurity sector for Australia and New Zealand. Speaking to "Tim and IT Jams", both experts outlined the growing dangers of cyber negligence, the impact of government investment, and what needs to happen to build a more resilient and skilled digital workforce.

Dimi Giorgio set the tone, noting that as more individuals and organisations integrate digital devices into their daily lives, the number of possible targets for cybercriminals increases. "This is always going to be an ongoing problem, both for organisations and for individuals at home," she said. "The more devices that we connect into the cloud and the more we engage with these devices is only going to increase the threat vector for these attackers."

While high-profile stories often focus on state-backed cyber actors targeting large entities, Giorgio described how, from her experience and Secureworks' threat intelligence, the reality is often less targeted but no less dangerous. "A lot of these attacks are very, very opportunistic. Our counter threat research team sees that attackers look to exploit individuals during really vulnerable times throughout the day," she explained, citing scenarios such as office workers returning post-pandemic and falling for emails or links that appear trustworthy.

"The human problem is always going to be the biggest issue at play," Giorgio added, despite organisations' commendable efforts to counter risks. The solution, she suggested, lies in ongoing education and collaboration. "It's really important for [organisations, individuals, and the public sector] to come together and continue that educational piece on what we should be looking out for and what is being safe. There isn't a silver lining solution that's going to address all the problems," Giorgio said.

Secureworks welcomes the Australian government's ambitious $9.9 billion investment over the next decade to build out national cyber intelligence capabilities. Giorgio believes it represents a significant step forward, not just by placing the issue in the national spotlight, but also by opening up opportunities for new talent. "It puts a national focus on the issue at hand and it's something not only Secureworks but many of our competitors have been flagging here specifically in Australia and New Zealand—the need for government not to intervene but to promote and educate and showcase the importance of having this as part of our day-to-day lives," she said.

Giorgio foresees this government focus encouraging "a plethora of opportunities when it comes to positions that are opening up" and promoting cyber skills through education channels. "We need and require collaboration from the public sector to the private sector... We need a jointed effort, not a disjointed effort," she said, adding it will also allow organisations to better support graduates and upskill new entrants to the sector.

The potential arising from this investment was echoed by Ian Bancroft, who said, "The opportunity is huge. Cybersecurity companies such as ourselves, that's what we do day in day out, that's what we've done for the last 20 years—we live and breathe security from the top to the bottom of our organisation." Bancroft expects demand for holistic solutions, and for companies like Secureworks to work even more closely with a growing ecosystem of partners to meet evolving needs.

He highlighted that investment will drive organisations to take a more solutions-oriented approach, emphasising prevention and rapid detection. "Inevitably, you're not going to be able to stop everything," he said. "Your ability to detect quickly and then respond quickly to a breach and instance is going to be absolutely critical."

As cybercrime has soared, the skills required to counter threats have struggled to keep pace. Bancroft acknowledged the chronic skill shortage, describing it as a global rather than just a local problem. He said, "If you have skills within your organisation, we have to maintain them, we have to retain those staff, because when staff leave, invariably they take knowledge with them and that creates risk in its own right."

Salary and bonuses are now just the baseline, he added. "You've really got to look at other areas, really what the value is of your organisation, how you create more inclusivity, how you create communities within your organisation," Bancroft said. Good workplace culture and clear pathways help attract and retain talent—and, crucially, help close the gap. "If you've got the right people inside your organisation, great talent attracts great talent ... you're bringing in talent that you're able to nurture, to grow, to really skill up more so they play a broader role inside the organisation and the industry as a whole later on."

Bancroft stressed the always-on nature of cybersecurity roles, so support for mental health and work-life balance is essential, along with investing in staff development. "You've got to show a development from a career perspective... organisations such as ourselves will work with them on a career development plan that will help them grow themselves from their career perspective to much higher levels," he explained.

On the question of whether Australian organisations can overcome hesitation to invest in cyber resilience, Bancroft was hopeful. "Cybersecurity is an enabler to business. It's not there to stop business, it's there to enable business," he stated. Building trust with customers, he added, was paramount, and robust cybersecurity was critical for establishing and maintaining that trust.

"If you can grow trust, you retain and attract customers," he said. "It's really important you put in place the right measures to keep those customers and keep them happy... organisations will become more comfortable with larger investments in cybersecurity because they will see the returns that they will get from the trust they get in the organisations and how they grow themselves as a business."

He concluded, "It's an absolute necessity nowadays rather than a box-ticking exercise. It's something you can sell outward as a positive to really attract new business into your organisation and grow your revenues at the end of the day."

As Dimi Giorgio summarised, education, collaboration, and investment are key in responding to today's cyber threats. "There isn't a silver lining solution that's going to address all the problems... It is going to continuously be an issue for us absolutely, especially with the rise in hybrid work and situations like that," she said.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X