What should Government be doing in the short term and long term to protect Australians and businesses against cyber-attacks?

Our CEO and co-founder, Blair Crawford, outlines what Government should be doing in the short term and long term to protect Australians and businesses against cyber-attacks.

The challenge for the Australian Government is to create an environment where the public and private sectors can work together to protect Australia’s critical assets and citizen data. The government can continue to work with private sector companies to support them in protecting Australia’s critical assets and to educate everyone from individuals through to SMEs and enterprises to continue to boost our cybersecurity awareness and resilience. We cannot stop attackers from targeting Australian organisations. But we can make it harder for those attackers to succeed.

One of the key advantages threat actors have is that they are extremely cooperative. A complex attack requires a broad set of skills. The establishment of the Australian Cyber Security Centre and Joint Cyber Security Centres that bring together business and the research community along with state, territory and Australian Government agencies is a good step forward. This specifically counters the way threat actors trade and share their skills.

Australian organisations are being targeted every day. The Australian Cyber Security Centre says that a fresh attack is being detected every eight minutes. And that frequency is accelerating. By continuing to build strong collaboration with the private sector, the Federal Government can help to repel those attacks. It can do this by establishing laws, regulation and guidelines to encourage businesses to make prudent investments in cybersecurity.

The cybersecurity sector is currently under-resourced. There are not enough experts in the market to service the needs of every government department, agency and private organisation. By continuing to offer development pathways for cybersecurity professionals through funding for tertiary and vocational training institutions, the Federal Government can improve our sovereign capability to detect and repel attacks, and to minimise the damage and recover faster should an attacker get through our defences.

Cybersecurity is about more than ensuring checkboxes are crossed when a provider says they adhere to a specific standard. By understanding the applications and services a vendor provides, it’s possible to ensure each vendor in your supply chain is proportionally responsible for cybersecurity and that there are specific controls in place that protect the overarching service. That requires a risk analysis that takes into account the types of attacks that you will face, what assets you have that might be targeted, the psychology of the threat actors and why they would be interested in your business.

When government procurement processes make cybersecurity a high priority and follow these steps it sets expectations that every organisation should follow. By raising the cybersecurity awareness tide, the government can lift all boats.

On its own, the Australian Government can do very little to stem the tide of attackers. But through stronger cooperation with the private sector, leading the way with its own robust cybersecurity strategy and by creating an environment that fosters information sharing and greater cooperation, it can make a significant difference that will protect the data and assets every Australian citizen depends on to be kept safe.

 Talk to us about creating a safer, more efficient workplace today. Get in touch here.