New risks and emerging threats in cyber security
Posted on September 17, 2020
We teamed up with Trans-Tasman Business Circle to host a virtual panel discussion on one of the most challenging topics of our times: Security - A Critical Analysis of New Risks and Emerging Threats.
Moderated by Vocus Chief Executive, Enterprise & Government, Andrew Wildblood, the panel featured some of Australia’s leading security experts including Chair of the Cyber Security Cooperative Research Centre, David Irvine AO, PhD Professor of Practice in Cyber Security, and CEO of Cyber Institute, Prof. Lesley Seebeck, and Vocus Group Chairman and member of the Federal Government’s 2020 Cyber Security Strategy Industry Advisory Panel, Bob Mansfield AO, Chairman.
It was a compelling discussion, covering a wide range critical security issues and developments for business and government. We’ve pulled together a handful of key insights from the event below but there were plenty more. You can view the full recording of the discussion here.
1. Our dependence on the cyber world increases our vulnerability to multiple threats
We rely heavily on cyber systems in our everyday lives, said David Irvine, and this dependence creates national vulnerabilities that we’re only beginning to appreciate. And while 21st century wars will be fought and won in cyber space, we can’t forget that cyber criminals also play a huge role.
David said in Australia, about 74 per cent of companies surveyed said they’ve suffered a successful cyber-attack. Globally, the cost of cyber-crime is predicted to reach more than $6 trillion in 2020. He said the impact of COVID has hastened our dependence on the cyber world, but we haven’t done enough to address our vulnerabilities.
2. Government can’t—and shouldn’t—regulate everything
While the government can set expectations and should lead by example, industry and the public also play a role in cyber security, said Bob Mansfield. He said security is so broad and constantly evolving, that keeping up with it is a never-ending task that requires everyone to play a role, and not just rely on government regulation to “fix” the problem. He said it’s often the case that one company’s problem rarely remains only that company’s problem; we’re all so interdependent, that impacts are felt across the board.
3. We need a way to prioritise a national cyber security strategy
It’s a great step that the government is clearly focused on cyber and a strategic response for the nation, said Lesley Seebeck, but one of the challenges for everyone involved is the scale of the problem and the speed at which cyber activity takes place. When everything is deemed important, nothing is important, so what is necessary is a better means of organising and prioritising the threats we face, said Lesley.
She said that requires resiliency and an agile way of working, so we can react quickly to threats as they occur, rather than rely on more government regulations to respond.
4. Boards to be more invested in cyber security
Accountability for cybersecurity is going to be clearly visible in the government’s new security recommendations, said Bob, and this is something that should occur within boards and on leadership teams. He said it’s similar to the trajectory of Occupational Health and Safety (OH&S). Twenty years ago, it wasn’t on meeting agendas, whereas today, boards get reports on OH&S at every meeting.
This doesn’t mean that every board member needs to be a cyber security expert, said Bob, but there is an element of education required, so board members understand who is responsible for it at their company, how often it’s reported on, and what the challenges are.
5. Cyber security talent can be found in unexpected places
To build more talent in the cyber security space, Lesley said it’s important to think outside of the box when it comes to recruitment.
While engineers and IT-trained people are important, so is mindset. People can always be trained in technical skills, but what is more important is building how they think or approach particular problems.
Lesley said instead of recruiting only in technical fields, it’s crucial to have broader skill sets—people who can speak different languages, for example, or who have transferrable skills from another industry, as these are the people who will be leading teams and recruiting others. It’s something that universities and companies are only now beginning to realise.
6. While Australia isn’t yet a global leader in cyber security, it can be
The panel members agreed that the cyber world offers a significant opportunity for employment and skills development. Government and enterprise can work together to create a cyber industry, with more Australian cyber security providers in the market. Although we’re not at that point yet, we’re on the right track.