
Thursday, 23 July 2020 17:59

Industry leaders unanimous in praise for cyber security panel recommendations


Attempts to compromise Australian corporate and government networks are inevitable, the managing director of Blackberry Spark ANZ, Jason Duerden, says, adding that while they cannot be prevented, they can be contained and protected against by applying a risk mitigation approach to cyber security.

He was commenting on the release of recommendations on Tuesday by the Federal Government's Industry Advisory Panel on the country's next cyber security strategy.

Duerden said the Australian Government has been showing signs of moving towards this mindset by applying the globally recognised NIST and Mitre ATT&CK frameworks – both outlined by the Australian Cyber Security Centre.

He said the appetite existed for rapid change and rapid adoption of new approaches to risk management in cyber, but appetite was not always coupled with the structure for implementation.

"We have seen examples of a minimum six-month lead time for an agency to follow process to be able to assess risk, culturally review the advantages of using Australian cloud technology, evaluate the market and finally get through strict government procurement rules to deployment," Duerden added.

"The reality is that the cyber security landscape can evolve exponentially in a period of six months. Confining agencies to a list of checkbox compliance items is also a huge challenge in effectively addressing cyber risk."

Verizon Business Group's Asia Pacific regional vice-president Robert Le Busque said the company he represented was pleased to see the recommendations.

He particularly welcomed the call for real-time sharing of threat information and increased inclusion of the private sector in economy-wide cyber-security initiatives.

"The lack of a common-language structured framework for data breach reporting, in addition to tactical engagements with the wider industry, has often been an Achilles heel for the cyber-security community," he pointed out.



"As such, greater threat intelligence and a closer working partnership across all sectors will allow for better situational awareness, and fewer shortcuts and assumptions in terms of compliance and understanding the threat landscape, and enable all organisations to better measure and manage security risk."

Thomas Fikentscher, regional director of CyberArk Australia and New Zealand, said that though the IAP's recommendations were built around a framework with five key pillars — deterrence, prevention, detection, resilience, and investment — the report underscored the fact that cyber crime was a pervasive and endemic threat.

"It's the most significant threat in terms of overall volume, costing Australians and Australian businesses billions of dollars each year," he said.

"With the country facing a surge of domestic cyber criminals and nation-state attackers alike, now is the time for the Australian Government, in collaboration with the private sector, to invest in strengthening our cyber security defences.

"It’s all about planning and preparing for the long game by redefining how to approach risk, especially in terms of securing business models that underpin digital workflows securely accessed by digital identities. No matter what the future holds, the actions taken by government and organisations today will inform what our collective tomorrow looks like, especially as we become increasingly reliant on the digital economy."

Email security firm Mimecast's ANZ country manager Nick Lennon said his company's team of local security experts welcomed the recommendations.

"It is reassuring to see that cyber security is increasing in priority and that the government is encouraging both the public and private sectors to build resilience and take security more seriously than they have to date," he observed.

"The security industry has been lobbying for a much more substantial level of attention and investment in Australia’s cyber defences for some time, which has been challenging due to the reluctance of businesses to invest in cyber security as it’s intangible and difficult to attribute return on value/investment."

Lennon said the announcement of the massive data breach of Western Australia’s coronavirus management system was a glaring example of what could happen when end-to-end security and privacy was not invested in sufficiently or proactively.

"The importance of cyber security goes beyond the performance of our national technology infrastructure, into our absolute dependence on critical infrastructure, businesses keeping their doors open and the livelihood of our citizens," he added.

Richard Watson, Ernst & Young's lead partner for APAC Cyber Security Risk Management, said there was a real lack of understanding in Australian boardrooms around cyber security, which was largely a function of boardroom demographics.

"EY's Global Information Security Survey 2020 says that 72% of Boards are worried about cyber security, but only 48% of CISOs believe their board has the understanding they need to approve the investment required," he pointed out. "Boards have long needed to consider how the total cyber budget is allocated, particularly around the security operations centre.

"Our data shows that while the single biggest expenditure for our clients is the security operations centre, only around a quarter of attacks are discovered by the SOC.

"We're finding that many organisations continue to operate with first-generation manual SOCs, with automating the SOC and identity management accounting for the majority of cyber CAPEX spend."

He said when one summarised things, there was a technology angle, a cultural angle, and a process angle to discuss and implement. But if one looked at where the regulation needed to point to, patching was the biggest issue as it's where organisations were most vulnerable. It also illustrated how valuable customer data ended up on the dark web for sale.

"It's so easy if you're not updating the systems for attackers to scan the network and see you're running an old version of Windows or Internet Explorer and just use a commonly available attack," Watson said. "A benchmark for cyber security spend is one of the most asked questions we get and we recommend 7% to 10% of IT spend depending on sector."

"CISOs rank procuring/justifying budget as the hardest part of their job, closely followed by proving to management and the board that security is performing to expectations."


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
