If Australia’s economy is to continue to thrive, it must be diversified by new, disruptive business models imbued with technology and connectivity, according to Telstra chief information security officer, Mike Burgess.
“There is no doubt in my mind that cyber-security is an economic driver and there is opportunity for business if you manage the risk well. Your business will succeed, if not grow,” he said, speaking at The Committee of Economic Development of Australia (CEDA) cyber-security forum.
However, Burgess noted that as technology continues to underpin the economy and greater society, the associated risks must be understood and managed through collaborative partnerships between the public and private sector.
Burgess painted cyber-security as a business risk foremost and explained the importance of “the human element” and culture that must be created within a business environment.
“At Telstra, every business unit needs to understand that cyber-security is a business risk for every different business unit. It is not my responsibility to solve it, it is not the CIO’s, but every single different units responsibility.
"I have a dedicated team at Telstra whose sole role is to influence our staff so they understand in their heads and hearts what they can do about security.”
In line with Burgess, ANZ Banking Group global head of information security, Steve Glynn, illustrated the importance of the ‘human firewall” in relation to taking a collaborative stance that extends beyond obligation.
“Because we form part of our national critical infrastructure, there is always that moral obligation for us to step beyond our organisations boundaries and collaborate in order to improve our defences,” he claimed.
“Other than just working with our own organisations, and to be clear, I get paid to defend and protect ANZ’s assets and customer information as that is my job, but I strongly believe, along with my peers in my industry, that we are stronger together.”
Glynn reflected on his 20 years spent in financial services and noted how it has been underpinned by a constant focus and worry surrounding the confidentiality and integrity of information.
“We spend a lot of time and resources investing to build customer confidence and trust and a key tenant of our information security strategy is community,” he said.
Upon reflection, Glynn spoke from experience in outlining the paradox of information security in terms of the defensive, collaborative stance that should be taken today.
“I find it a little bit ironic, that this focus on confidentiality today has shifted," he added. "These days we are going the opposite way and are trying to become more open and share more.”
In the financial services industry particularly between the big four banks, we are all very open in terms of the information that we share to create threat intelligence,” he said.
“This does come with risk even within circles that we trust, but we do it because we believe strongly that it is the right thing to do and we will be stronger as a whole as a result.”
Glynn added that ANZ is also working more increasingly with governments and not for profits, particularly after the cyber-security strategy refresh at Federal government level.
“The cyber-security strategy refresh is very much a step in the right direction and we welcome further collaboration along those lines.”
Burgess also expressed his strong belief in sharing and learning from industry peers.
In stating, “never let someone else's crisis go to waste,” Burgess spoke about how to learn from another crisis or breach that has happened to another company with a similar line of business as the C-level team can relate to it.
Burgess added that there are five particular points of “knowing” that should be understood in an organisation: knowing the value of data, knowing who has access to that data, where the data sits, how it is being protected and by who.