Education key to improving Australia’s cyber resilience
- 01 December, 2016 17:35
The cyber security industry is projected to be worth $US639 billion by 2023. However, Australia has only a small cyber security sector, with fewer vendors than France, Germany, Canada or India.
This was one of the key findings from Australian Computer Society's (ACS) Cyber Security: Threats, Challenges, Opportunities guide that it released at the recent ACS Ministerial and Tech Leaders Forum in Sydney.
The guide also revealed that less than six per cent of C-suite executives in Australia think cyber security is a critical issue, indicating that there is a disconnect between the reality of threats and the awareness of them at the executive level.
As such, it stressed the importance of education and awareness as key factors for improving Australia’s cyber resilience across government, business, industry, and the nation as a whole.
The Department of the Prime Minister and Cabinet cyber policy assistant secretary, Sandra Ragg, who was speaking at the forum, said cyber security is an issue to the government and also the nation.
“One thing we can be sure about is the levels of uncertainty and complexity that we will face in a new future around technology. But when it comes to cyber security, it is about how we maximise the opportunity that we have and how it will benefit us in all aspects of our lives.
“Cyber security brings to us the opportunity for us to build both trust and value in our economy, trust and confidence in our government systems, and trust and meaning in our social communities as we operate in a world that is very much online,” she said.
She mentioned businesses should adopt speed to change with the policies national leaders put in place.
“The practicality is, how do we make this real for people, and how do we give people the capacity to have some level of control and influence around security that impacts their daily lives?”
She also highlighted some aspects of the cyber security strategy that the government launched earlier this year.
“It’s more an outward looking vision, rather than inward and just reliant on government. Businesses aren’t looking for governments solving all the problems, but actually providing a vision that all stakeholders could stand behind. They also want an action plan with practical initiatives that all partners could share.”
Additionally, Ragg said that critical to the nation is the implementation strategy, where businesses get more engagement with government, and get government to invest and partner with them to improve the cyber security market.
“We need to work from the top down – from the Prime Minister to business leaders to set that strategic agenda. We want to thrive as a nation and grasp all those economic opportunities,” she added.
Former head of cyber at the Department of Defence and inaugural head of the Australian Cyber Security Centre, major general Stephen Day, spoke about the three framing ideas behind reducing the impact of cyber security incidents.
The first idea he mentioned, is that cyber security is a process, not a product.
“It is a technical problem sure, but it is as much a human problem as it is a technical problem. 90 per cent of all these compromises actually come from human error and so, it’s about people and culture, risk appetite, policies, resource allocation, and technology working in harmony and reviewed regularly.”
The next idea he addressed was that of cyber security being a senior leader business. He said cyber security is not something that can be left to the CIO or IT departments on their own.
“What we found was that the senior folk in government were not engaged in this problem, and it was because they didn’t know how to help. For them, cyber was like a puff of smoke. The reason for this was because the conversations were owned by the technical community,” he said.
As such, he suggested communicating with clarity, and changing the conversation to translate the technical talk to build awareness across government.
The last framing idea he brought up was cyber security being a team sport.
“If you want to be successful, you got to have everyone on board, including partners. Who are you talking to, to improve your understanding of the issue?” he questioned.