Thursday, 23 July 2020 17:59

Industry leaders unanimous in praise for cyber security panel recommendations

Image by Pete Linforth from Pixabay

Attempts to compromise Australian corporate and government networks are inevitable, the managing director of BlackBerry Spark ANZ, Jason Duerden, says, adding that while such attempts cannot be prevented, they can be contained and protected against by applying a risk mitigation approach to cyber security.

He was commenting on the release of recommendations on Tuesday by the Federal Government's Industry Advisory Panel on the country's next cyber security strategy.

Duerden said the Australian Government has been showing signs of moving towards this mindset by applying the globally recognised NIST and MITRE ATT&CK frameworks – both outlined by the Australian Cyber Security Centre.

He said the appetite existed for rapid change and rapid adoption of new approaches to risk management in cyber, but appetite was not always coupled with the structure for implementation.

"We have seen examples of a minimum six-month lead time for an agency to follow process to be able to assess risk, culturally review the advantages of using Australian cloud technology, evaluate the market and finally get through strict government procurement rules to deployment," Duerden added.

"The reality is that the cyber security landscape can evolve exponentially in a period of six months. Confining agencies to a list of checkbox compliance items is also a huge challenge in effectively addressing cyber risk."

Verizon Business Group's Asia Pacific regional vice-president Robert Le Busque said the company he represented was pleased to see the recommendations.

He particularly welcomed the call for real-time sharing of threat information and increased inclusion of the private sector in economy-wide cyber-security initiatives.

"The lack of a common-language structured framework for data breach reporting, in addition to tactical engagements with the wider industry, has often been an Achilles heel for the cyber-security community," he pointed out.


"As such, greater threat intelligence and a closer working partnership across all sectors will allow for better situational awareness, and fewer shortcuts and assumptions in terms of compliance and understanding the threat landscape, and enable all organisations to better measure and manage security risk."

Thomas Fikentscher, regional director of CyberArk Australia and New Zealand, said that though the IAP recommendations were built around a framework with five key pillars — deterrence, prevention, detection, resilience, and investment — the report underscored the fact that cyber crime was a pervasive and endemic threat.

"It's the most significant threat in terms of overall volume, costing Australians and Australian businesses billions of dollars each year," he said.

"With the country facing a surge of domestic cyber criminals and nation-state attackers alike, now is the time for the Australian Government, in collaboration with the private sector, to invest in strengthening our cyber security defences.

"It’s all about planning and preparing for the long game by redefining how to approach risk, especially in terms of securing business models that underpin digital workflows securely accessed by digital identities. No matter what the future holds, the actions taken by government and organisations today will inform what our collective tomorrow looks like, especially as we become increasingly reliant on the digital economy."

Email security firm Mimecast's ANZ country manager Nick Lennon said his company's team of local security experts welcomed the recommendations.

"It is reassuring to see that cyber security is increasing in priority and that the government is encouraging both the public and private sectors to build resilience and take security more seriously than they have to date," he observed.

"The security industry has been lobbying for a much more substantial level of attention and investment in Australia’s cyber defences for some time, which has been challenging due to the reluctance of businesses to invest in cyber security as it’s intangible and difficult to attribute return on value/investment."

Lennon said the announcement of the massive data breach of Western Australia’s coronavirus management system was a glaring example of what could happen when end-to-end security and privacy was not invested in sufficiently or proactively.

"The importance of cyber security goes beyond the performance of our national technology infrastructure, into our absolute dependence on critical infrastructure, businesses keeping their doors open and the livelihood of our citizens," he added.

Richard Watson, Ernst & Young's lead partner for APAC Cyber Security Risk Management, said there was a real lack of understanding in Australian boardrooms around cyber security, which was largely a function of boardroom demographics.

"EY's Global Information Security Survey 2020 says that 72% of Boards are worried about cyber security, but only 48% of CISOs believe their board has the understanding they need to approve the investment required," he pointed out. "Boards have long needed to consider how the total cyber budget is allocated, particularly around the security operations centre.

"Our data shows that while the single biggest expenditure for our clients is the security operations centre, only around a quarter of attacks are discovered by the SOC.

"We're finding that many organisations continue to operate with first-generation manual SOCs, with automating the SOC and identity management accounting for the majority of cyber CAPEX spend."

He said when one summarised things, there was a technology angle, a cultural angle, and a process angle to discuss and implement. But if one looked at where the regulation needed to point to, patching was the biggest issue as it's where organisations were most vulnerable. It also illustrated how valuable customer data ended up on the dark web for sale.

"It's so easy if you're not updating the systems for attackers to scan the network and see you're running an old version of Windows or Internet Explorer and just use a commonly available attack," Watson said. "A benchmark for cyber security spend is one of the most asked questions we get and we recommend 7% to 10% of IT spend depending on sector."

"CISOs rank procuring/justifying budget as the hardest part of their job, closely followed by proving to management and the board that security is performing to expectations."


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
