Cyber security has its ‘Team Australia’ moment

Consistent with outcomes from other industry wide activities, such as APRA’s CPS234 Tripartite audit program, the themes for the cyber summit overall were clear, if not predictable:

• Cyber security and resilience starts at the top
• Plan for the inevitable breach
• Third parties are a primary and increasing security risk

Pleasingly, some of the commentary highlighted what security professionals have long championed:

• Individuals are one of the biggest risks and strongest defence methods - let’s make them stronger.
• If you can’t see it, you can’t protect it – know what your digital footprint really is.
• Data is digital asbestos – catalogue your data, review, and keep a bare minimum, delete what you no longer require.
• Legacy is a ticking time bomb – consider the risk and mitigating controls, ask how good the system really is, and is it perhaps time to deploy new systems.

Minister Claire O’Neil outlined how the federal government intends to deploy six shields of cyber defence:

• Strong businesses and citizens – an educated and skilled population to defend against the bad actors.
• Safe technology – a reimagining of what it is to put a technology product in market in Australia.
• World class threat sharing and blocking – near real time, accurate proactive defence.
• Protected critical infrastructure – making resilient the core services Australian rely on day-to-day.
• Sovereign capabilities – positioning Australia as a world leader, cyber powerhouse to innovate and win globally.
• Resilient region – working in partnership across the region, global actions with local impact.

Perhaps the most recalled takeaway from the Minister’s comments will be this: “At this point in time, we don’t have the resources to outright ban the payment of ransomware payments.”

This statement is likely cold comfort to the Boards and Executive teams who are faced with making these decisions, sometimes at short notice, often under considerable pressure with limited information.

It is pleasing to see the Australian Government embarking on a shared clear national imperative to build a cyber safe Australia. Notwithstanding, the summit also highlighted the soft underbelly to a cyber resilient Australia – vulnerable small businesses. How small business deals with the ongoing and increasing cyber threat presents a significant challenge to be addressed.

It’s time for Australian businesses to take a proactive and practical approach to cyber security. Contact our Risk Consulting team who can provide detailed, actionable insight that incorporates industry best practice and standards, to enable you to strengthen your cyber security position and help you make informed commercial decisions.

Learn more about how our Cyber security services can help you

Visit our Cyber security page