Guy Eilon, senior director and general manager ANZ, told iTWire that Tehan's appointment was a sign the government was taking cybercrime seriously and "an important step in fulfilling the long-awaited national cyber security strategy".
But, at the same time, he added, that given Tehan was appointed to fulfil cyber strategy it raised questions of whether he would be able to critically evaluate and amend the programme with growing cyber security threats.
Tehan wears a number of hats in Turnbull's ministry: he is minister for defence personnel, minister assisting the prime minister for the centenary of ANZAC, minister for veteran's affairs and minister assisting the prime minister for cyber security.
|
|
He said another area of consideration was the lack of a proper data breach notification scheme in the country.
"If companies are under no obligation to disclose breaches they're unlikely to be held accountable for their actions. In turn, this has a negative flow-on effect, with cyber criminals themselves being less likely to be brought to justice without public scrutiny encouraging businesses to adequately protect their personal information."
Eilon said the updating of data breach notification laws should be a priority as it would benefit both consumers and businesses; data protection reform would help companies to regain consumers' trust and in turn promote use of their (the business) services.
"As Australian companies aren't under obligation to disclose data breaches they can under-estimate the impact such leaks have on operations and take on more risk than they would otherwise," he said.
"Organisations that aren't required to disclose data breaches often don't have an established data breach plan to limit the effect of cyber-attacks. They may also not have the relevant people, process and technology in place to deal with recovery."
Eilon said this showed the reluctance of the C-Suite (top executives in a corporation) to acknowledge the true cost of cyber breaches, despite evidence to the contrary.
"Australia can learn from our European counterparts who by 2018 will put a much stricter focus on data protection," he said. "Under the General Data Protection Regulation (GDPR) European companies are required to notify supervisory authorities in the case of a data breach within 72 hours."
The updating of these laws was a national priority, according to Eilon.
He added that while government bodies were taking steps to address information security concerns, more emphasis was needed on data protection. "Today, information needs to take a 360 degree approach that incorporates people, processes, and technology across the organisation, rather than relying on the reactive defending of data."
Eilon said right now, Australian government agencies were operating with small budgets and could be hesitant to take steps needed to protect citizens, networks and sensitive data. "However, given the cost of fraud and cyber-attacks will reach $70 billion by 2020, as forecast by the Australian Computer Society, security across government should be more of a focus."
Forcepoint was formed in January this year by the amalgamation of three companies: Websense, Raytheon Cyber Products and Stonesoft.
