Security Market Segment LS
Friday, 23 October 2020 08:48

Outcomes must come first in security, then technology, says cyber firm CEO

Adam McCarthy says custom detection of threats is needed because there are threats unique to Australia. Adam McCarthy says custom detection of threats is needed because there are threats unique to Australia. Supplied

The chief executive of an Australian company that provides managed cyber detection and incident response services, says large multinationals are offering businesses a false sense of security, because the latter lack an understanding of cyber security requirements.

Such companies are providing dated centralised processing which effectively deploys a "cookie-cutter approach" that isn’t agile or adaptable enough in this environment to offer custom detection of threats, Adam McCarthy, co-founder of ParaFlare, told iTWire during an interview.

McCarthy spent 14 years with the Australian Defence Force where he responsible for the delivery and operation of niche cyber and ICT capabilities, including standalone and sensitive operations.

He has also held senior positions with multiple Australian Defence programs. He has also worked with the Australian Federal Police, Telstra, the US State Department and US Department of Defence, and has served in multiple operations throughout APAC and EMEA.

"Lots of organisations are just integrating products and not actually providing the human intelligence, methodology and process behind the technology to solve the problem," McCarthy said. "They are often leading in with the technology solution. We lead with outcome in mind first, followed by people and process when approached by businesses - tech should be last decision."

He said, unfortunately, there was a perception that the technical solution should be provided first.

"For example, when we receive inbound requests, we always ask for the outcome they are seeking and trying to receive, as technology is just a tool. What we want to provide is an all-encompassing outcome."

He said when he used the term large multinationals, it included global players who thought the tech solution would solve problems, and relied on vendors to solve the problem which just created a false economy. "If they follow that line of thinking, they can only deal with known threats, rather than unknown threats," he added.

Asked how cyber security requirements in Australia were different from other countries, McCarthy said it came down to the local government's legislation.

"Every government has a different one. It also depends on the industry – in Australia, for example, we have specific legislation pertaining to critical infrastructure that is different to that required in the UK.

"If we are otherwise looking at technical fundamental requirements, they are consistent globally. When asking what does good detection look like - it should be consistent globally. How it's governed is how it's different."

McCarthy said custom detection of threats was needed because there were threats unique to Australia. "Threats are unique to industry verticals and unique to the type of organisation you are dealing with," he explained.

"While there are consistencies across the globe, geopolitical goals and objectives that nations set are different and unique. There are, for example, certain IP and resources that are unique to Australia.

"Some threats could be consistent with other threats that we see globally, but it always depends on what the specific organisation deals with every day, including which clients, customers and relationships they have with suppliers – all this unique data fits within a unique threat profile. It can be more or less unique based on your organisation and whether you have a unique capability. If you do, then you will have particular threats specifically targeting your organisation."

Asked for his opinion about the Federal Government's recently released 2020 cyber security strategy and whether it was too prescriptive, McCarthy replied that he would not describe as such.

"I'd actually go as far as to say it's not prescriptive enough. I believe it doesn't go far enough to talk about how it is investing in grassroots Australian capability and how they are going to invest in the operationalisation of the strategy - I thought there would be more actionable activities coming from it," he said.

"There was also no funding for AustCyber and that's quite honestly appalling - their mandate is to provide a growth avenue and opportunities for the development of cyber capability in Australia, and not funding the federal entity that the Australian cyber security strategy is meant to support is dumbfounding.

"It has allocated $1.6 billion to be spent on a huge amount of other capabilities other than focusing on growing it. It goes towards the government not looking at how to grow its grassroots capability."

Asked why Australian public sector bodies tended to almost automatically plump for an external solution when it came to technology — even though there are many worthy local contenders — McCarthy said once again "we are still talking about technology and organisations in the public sector looking at technology solutions rather than at the outcome, and how they can look to provide business resiliency, as well as how to quickly and effectively solving it".

McCarthy said he had referred to developing human intelligence to improve the country's cyber security posture because humans were ultimately the ones operating technology and driving breaches.

"You have to keep in mind that there are people at the end of keyboards trying to extract something from systems and for their financial gain," he said. "If you are going to fight at the technical rather than human level, you are not going to satisfy the ultimate objective to make the economy resilient.

"We need intelligent humans to interpret complex information from technology, which is just a tool - otherwise we are relying on machines to respond to threats within a dynamic environment. And that means we'll be fighting a losing battle.

"We've lost sight of focusing on what the problems are and dealing with that methodically with smart people first and foremost, and we are instead racing to technology as the silver bullet, but that's not the answer.

"Tech is just a tool to enable the solution and isn't often the 'gizmo' to solve their problems. But you need human intelligence to give the future of our country's cyber security capability a chance."

Subscribe to ITWIRE UPDATE Newsletter here

Now’s the Time for 400G Migration

The optical fibre community is anxiously awaiting the benefits that 400G capacity per wavelength will bring to existing and future fibre optic networks.

Nearly every business wants to leverage the latest in digital offerings to remain competitive in their respective markets and to provide support for fast and ever-increasing demands for data capacity. 400G is the answer.

Initial challenges are associated with supporting such project and upgrades to fulfil the promise of higher-capacity transport.

The foundation of optical networking infrastructure includes coherent optical transceivers and digital signal processing (DSP), mux/demux, ROADM, and optical amplifiers, all of which must be able to support 400G capacity.

With today’s proprietary power-hungry and high cost transceivers and DSP, how is migration to 400G networks going to be a viable option?

PacketLight's next-generation standardised solutions may be the answer. Click below to read the full article.


WEBINAR PROMOTION ON ITWIRE: It's all about webinars

These days our customers Advertising & Marketing campaigns are mainly focussed on webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

We have a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News