Thursday, 23 July 2020 17:59

Industry leaders unanimous in praise for cyber security panel recommendations

Image by Pete Linforth from Pixabay

Attempts to compromise Australian corporate and government networks are inevitable, the managing director of Blackberry Spark ANZ, Jason Duerden, says, adding that while these attempts cannot be prevented, they can be contained and protected against by applying a risk mitigation approach to cyber security.

He was commenting on the release of recommendations on Tuesday by the Federal Government's Industry Advisory Panel on the country's next cyber security strategy.

Duerden said the Australian Government had been showing signs of moving towards this mindset by applying the globally recognised NIST and MITRE ATT&CK frameworks – both outlined by the Australian Cyber Security Centre.

He said the appetite existed for rapid change and rapid adoption of new approaches to risk management in cyber, but appetite was not always coupled with the structure for implementation.

"We have seen examples of a minimum six-month lead time for an agency to follow process to be able to assess risk, culturally review the advantages of using Australian cloud technology, evaluate the market and finally get through strict government procurement rules to deployment," Duerden added.

"The reality is that the cyber security landscape can evolve exponentially in a period of six months. Confining agencies to a list of checkbox compliance items is also a huge challenge in effectively addressing cyber risk."

Verizon Business Group's Asia Pacific regional vice-president Robert Le Busque said the company he represented was pleased to see the recommendations.

He particularly welcomed the call for real-time sharing of threat information and increased inclusion of the private sector in economy-wide cyber-security initiatives.

"The lack of a common-language structured framework for data breach reporting, in addition to tactical engagements with the wider industry, has often been an Achilles heel for the cyber-security community," he pointed out.



"As such, greater threat intelligence and a closer working partnership across all sectors will allow for better situational awareness, and fewer shortcuts and assumptions in terms of compliance and understanding the threat landscape, and enable all organisations to better measure and manage security risk."

Thomas Fikentscher, regional director of CyberArk Australia and New Zealand, said that though the IAP's recommendations were built around a framework with five key pillars — deterrence, prevention, detection, resilience, and investment — the report underscored the fact that cyber crime was a pervasive and endemic threat.

"It's the most significant threat in terms of overall volume, costing Australians and Australian businesses billions of dollars each year," he said.

"With the country facing a surge of domestic cyber criminals and nation-state attackers alike, now is the time for the Australian Government, in collaboration with the private sector, to invest in strengthening our cyber security defences.

"It’s all about planning and preparing for the long game by redefining how to approach risk, especially in terms of securing business models that underpin digital workflows securely accessed by digital identities. No matter what the future holds, the actions taken by government and organisations today will inform what our collective tomorrow looks like, especially as we become increasingly reliant on the digital economy."

Email security firm Mimecast's ANZ country manager Nick Lennon said his company's team of local security experts welcomed the recommendations.

"It is reassuring to see that cyber security is increasing in priority and that the government is encouraging both the public and private sectors to build resilience and take security more seriously than they have to date," he observed.

"The security industry has been lobbying for a much more substantial level of attention and investment in Australia’s cyber defences for some time, which has been challenging due to the reluctance of businesses to invest in cyber security as it’s intangible and difficult to attribute return on value/investment."

Lennon said the announcement of the massive data breach of Western Australia’s coronavirus management system was a glaring example of what could happen when end-to-end security and privacy was not invested in sufficiently or proactively.

"The importance of cyber security goes beyond the performance of our national technology infrastructure, into our absolute dependence on critical infrastructure, businesses keeping their doors open and the livelihood of our citizens," he added.

Richard Watson, Ernst & Young's lead partner for APAC Cyber Security Risk Management, said there was a real lack of understanding in Australian boardrooms around cyber security, which was largely a function of boardroom demographics.

"EY's Global Information Security Survey 2020 says that 72% of Boards are worried about cyber security, but only 48% of CISOs believe their board has the understanding they need to approve the investment required," he pointed out. "Boards have long needed to consider how the total cyber budget is allocated, particularly around the security operations centre.

"Our data shows that while the single biggest expenditure for our clients is the security operations centre, only around a quarter of attacks are discovered by the SOC.

"We're finding that many organisations continue to operate with first-generation manual SOCs, with automating the SOC and identity management accounting for the majority of cyber CAPEX spend."

He said when one summarised things, there was a technology angle, a cultural angle, and a process angle to discuss and implement. But if one looked at where the regulation needed to point to, patching was the biggest issue as it's where organisations were most vulnerable. It also illustrated how valuable customer data ended up on the dark web for sale.

"It's so easy if you're not updating the systems for attackers to scan the network and see you're running an old version of Windows or Internet Explorer and just use a commonly available attack," Watson said. "A benchmark for cyber security spend is one of the most asked questions we get and we recommend 7% to 10% of IT spend depending on sector."

"CISOs rank procuring/justifying budget as the hardest part of their job, closely followed by proving to management and the board that security is performing to expectations."

Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.




