Australia's productivity at risk if security behaviours don't change

The growing volume of data breaches highlights a worsening IT security situation that – without intervention in the form of breach reporting laws – is paving the way for many of the worst-case scenarios outlined in a recent CSIRO report to come true, a security strategist has warned.

Reflecting on the growing number of data breaches – over 807 million since 2013, according to SafeNet's ongoing Breach Level Index – SafeNet chief strategy officer Tsion Gonen told CSO Australia that businesses all over the world were continuing to delude themselves about the threats they face and the resources required to beat them.

"The threat is real, but the way that we look at it is not," Gonen said. "We talk with a lot of organizations around the world, and there's a perpetual imbalance between trying to protect assets and needing to be successful all the time."

"Attackers only need to be successful once," he continued. "So, it's not about whether it's going to happen, but about when it's going to happen and what we do to prevent it happening. For 25 years it has been about breach prevention – but if we keep using the methodologies the security world has been looking at until now, I would say it's destined to fail."

With no formal breach notification laws in place, the lack of visibility into these failings was perpetuating a culture where insufficient security was being left to continue unchecked.

Such a culture will potentially compromise Australia’s national productivity, bringing to fruition a threat raised in the CSIRO's recent security report, Australia's Digital Future.

That report noted the risks of an increasingly vulnerable environment, evolving cyber-security landscape, increased technological dependence, and changing social trends that have made, as the CSIRO report puts it, "a capability of crucial importance."

"Our national progress is directly tied to our ability to minimise risk exposure without limiting progress," the report's authors note, with a scope of analysis extending through 2025 that is designed to inform forward planning and investment considerations for the future.

With Australia suffering the fifth highest level of malware infections worldwide and CERT reporting well over 8500 incidents during 2013, the threat landscape is already significant. This is only expected to increase as healthcare providers embrace cloud computing; researchers build connected service ecosystems; online government links citizens in new ways; and building monitoring expands the use of sensors and controls.

All will, as the CSIRO puts it, "lead us to becoming more dependent on the use of technology, or more specifically, on the underpinning technology infrastructure that makes that usage possible."

But with network boundaries "dissolving" and network traffic increasing, Gonen warned that businesses need to become more open about their vulnerabilities – as has happened in the US because of mandatory breach laws – and more ready to take action.

"Breach notification laws promote security and force people to think about it," he explained.

"You can't necessarily solve for every scenario, and can't perfect everything. But you do need to think about the worst-case scenario, and take it step by step starting with the most important areas."

For too many companies, however, an out-of-sight-out-of-mind perspective on ICT had proved problematic to implement because many within the companies haven't given enough attention or resources to fixing the problem.

"As an industry, we're being forced to evolve because of what's happening," he said. "It's about thinking in advance, and building security into the infrastructure instead of trying to put in walls to prevent issues."

"People don't want to be the next target, but the fact that we start talking about it will not cause it to happen more. It's an important conversation to raise."


Stories by David Braue
