Australia’s new strategy, the risks, and the security measures your business need to make.
Cyber security is more crucial now than ever, as we consistently move everything we own – as businesses and individuals – online. On 6 August 2020, the Australian Government released Australia’s Cyber Security Strategy 2020, highlighting its investment and action plans to strengthen the protection of Australians, business and infrastructure.
At Momentum Search, our regular Virtual Round Tables are designed to bring expert advice and know-how to senior management and executives across Australia. On 13 August, as a key and vital part of Australian business, we set out to explore the new strategy with guest speaker Daniel Pludek. An experienced CIO with a keen interest in security, Daniel has over 20 years’ experience delivering over $300m worth of programs across risk, compliance, and technology, working with regulators across industries ranging from banking to energy.
Throughout the discussion, Daniel highlighted key issues with the strategy, uncovering that whilst the Government is correctly investing in this area, education remains as one of the best ways to combat threats. On the other hand, Daniel agreed this becomes more challenging and complex for larger organisations as the organisational change, training and embedment of new behaviours will take time, whilst cyber criminals are becoming more sophisticated every day.
What can we do within organisations to mitigate cyber security risks?
Our conversation also drew focus to the importance of having a minimum cyber security baseline for each organisation. In the discussion, a C-level attendee explained that the organisation he works for had gone too far with too many processes and controls, meaning employees would find it challenging to be compliant. Since, these measures have been reduced, still ensuring that they have the right processes and controls in place to be effective, while allowing employees to work as productively as possible.
Looking to the future, it is likely to be small and medium business that face some of the biggest challenges, as we come to understand how the Government intends to assist small and medium-sized organisations in uplifting their capability. Additionally, it will be key to observe how cyber criminals, both in Australia and abroad, are going to be caught and prosecuted.
At the round table, conversation shifted to an open debate around how to combat insider threat attacks, how to address the increase of DDoS attacks, the increased use of AI and ML, and where the weakest links in an organisation may be. The subject of Bug Bounty programs was also raised, with the key benefits these are bringing to organisations.
Key steps for businesses
To protect against cyber security risks, Daniel offered key suggestions of what companies can individually do. These include:
1. Empower your business’ Chief Information Security Officer.
2. Shift the focus away from tools to ensuring that you have the right information, processes, and approach to risks in place to secure your environment.
3. Ensure that staff are vigilant and continuously trained/tested (Daniel is a big believer in using baiting to get a better level of understanding of your organisation).
4. Begin Zero Trust Architecture where possible.
5. Understand and value the importance of cyber security being embedded into your procedures, processes, and ways of working, rather than this being an audit item. This is not an IT problem; this is a corporate problem that we all need to address.
To find out more and download Daniel’s presentation in full, follow the link below.