Integrated approach required for cyber security
21 Aug, 2018, 1 Comment

Summary: Achieving an effective level of cyber resilience requires organisations to adopt a holistic approach to security that extends far beyond the IT department.


Participants in a recent round table discussion, hosted by The Australian Financial Review and ACS, agreed a new approach is required that will ensure security issues and tactics become embedded in all areas of business activity.


Jill Slay, director of cyber resilience initiatives at the Australian Computer Society, says that – all too often – cyber security is viewed by boards and senior managers as a technical issue that needs to be solved. This attitude needs to change if Australian businesses and public sector organisations are going to withstand the growing range of cyber threats causing problems around the world.


"We haven't treated information security or cyber security as a multidisciplinary issue," says Slay. "We haven't had generations growing up who understand law and policy and technology.


"You can't solve the problem unless you actually understand what it is you're protecting and how you'll protect it. Until we've come to grapple with that a bit more, I don't think we're going to solve the problem."


Maria Milosavljevic, chief information security officer for the New South Wales government, agreed that a broader approach to cyber security is required within organisations of all sizes.


"If you get an electrician to fix the wiring in your house, you don't have to have a safety person with them – they know safety, and they were trained on safety," she says. "But we've still got graduates coming out of universities who can code, but they don't know how to code securely. We've got to reframe what a professional looks like in this space."



Milosavljevic points to the evolution of motor car safety as the type of path that needs to be followed when considering cyber security and resilience. As cars became faster and more powerful, risks increased and more controls and safety features were added to reduce the risk of injury.


"We've evolved and adapted and said, we're not prepared to tolerate that risk, and so how do we minimise that risk to something that we think is actually tolerable. It's about finding that balance."


Acknowledging the approach taken by car manufacturers, Singtel Optus head of cyber security Simon Ractliffe says that when it comes to cyber security, the challenge is one of timing.


"There needs to be a sense of urgency," he says. "To train an architect to think as a security architect [and ensure] everything is cyber secure by design is going to take some time to evolve – I'm not sure we have that much time."


Gavin Matthews, practice director, cyber security and risk at GHD, agrees, saying the threats facing Australian companies are growing at an increasing rate. "We're up to a major breach every fortnight, so the reality is we've got to get better at this," he says.


"In organisations here in Australia, boards and C-level executives need to understand the questions to ask. Taking that information and doing something with it, that's the key thing."


 

Ian Grayson www.afr.com/news/special-reports/acs-2018/integrated-approach-required-for-cyber-security-20180819-h1462p

Comments.

    Anonymous
    21 Aug, 2018

    I think that "cyber invasion" should be treated as a CRIMINAL OFFENSE. No more "well it was just for fun". Web IDs can be easily traced and individuals can be located, arrested, and charged with an intellectual offense... an information offense... a violation of privacy. That is easy to do. The harder part is to... Make THE LAW say... We WILL NOT TOLERATE YOUR BULLSHIT... Bob
