Government Launches New Cyber Strategy to Strengthen Australian Businesses' Cyber Defences

Commentary from Liam Rowland, Head of Incident Response and Forensics, APJ at Dell SecureWorks.

Australian companies are seriously lagging behind their US and UK counterparts when it comes to cyber security. According to Deloitte, Australian companies could risk becoming “low-hanging fruit” for cyber criminals due to a lack of education and an unwillingness to properly deal with cyber threats.

The Australian government has recognised the lack of cyber security and the lack of action companies are taking to protect themselves and has announced a new Cyber Security Strategy in an attempt to ‘help Australia grow by embracing disruptive technologies from a secure footing’.

Although many of the initiatives are voluntary, Liam Rowland, Head of Incident Response and Forensics, APJ at Dell SecureWorks, believes failing to take action could end up destroying your business.

“The Government Security Strategy tells us something with certainty, the Australian government is getting very serious about Cyber Security, meaning organisations operating in Australia are going to need to follow suit,” explains Rowland.

“Regardless of whether it’s the perspective government or the growing requirements on the private sector, Australia’s attitude to security, as a whole, is evolving. It is critical anyone that operates in Australia evolves with it.”

Rowland believes if Australian businesses do not take cyber security seriously now, they could not only be in for a shock when their systems are compromised but also be on the receiving end of a rather large fine, with the government looking to pass Australia’s Privacy Amendment (Notification of Serious Data Breaches) Bill 2015.

“The worst time to realise you are not prepared for a cyber-security incident is when a breach occurs. Security incidents are crisis situations that place a great deal of pressure on IT staff. Nearly every day the media report on organisations, companies and nation states that are dealing with information security breaches. From the smallest companies to the largest conglomerates, organisations around the world are attacked every second of every day and many do not have an incident response plan in place,” said Rowland.

“With the new cyber security strategy and breach notification regulations coming into place in Australia, organisations will now have to be transparent around breaches. This means people will be asking more questions about why their data wasn’t secured to the degree to prevent a breach should one occur. If the cause is because the business didn’t have an incident response plan in place, not only will they be fined under the new regulations and have to report it to their stakeholders but also may face customer backlash and resentment around the loss of their personal data.”

Worryingly, according to research conducted by the Australian Cyber Security Centre, 43% of major Australian businesses did not report cyber incidents to anyone in 2015. With more focus on detecting breaches and notifying the relevant stakeholders, these incidents will no longer be able to be kept secret.

While identifying and understanding the short- and long-term costs is important, Rowland says the real key is preparedness.

“Estimating what a breach might cost today can help a company better develop a plan for the day when an event does occur. Determining potential losses can highlight key areas of opportunity for enhancing security strategy, focusing budget and resources on the right vulnerabilities, and preparing the company to respond quickly and resolve a breach more effectively,” says Rowland.

To avoid becoming the next big headline, as well as the significant losses associated with a breach, Rowland can provide vital tips for organisations on reducing and mitigating the overall impact of a breach, including:

Most importantly: don’t wait, take action now

Understanding the costs of a breach to your organisation

Plan from a consequence approach - Identifying a hierarchy of consequences based on breach scenarios can focus resources and potential investments in people, process and technology.

Establish an incident response team and develop a comprehensive incident response plan. Test the plan frequently

Engage a third party as part of the incident response plan - Third-party security responders should have the capabilities to plan for, detect, identify, and extricate cyber threats from the environment, and they should provide the necessary cyber forensics to assess damage and aid recovery

Train your employees - Security awareness training can become your first line of defence to prevent the initial intrusion vector of many breaches

Insure your organisation and make sure it’s got you covered - Purchasing cyber insurance is a good best practice for decreasing some costs of a breach, and can help lower the cost per compromised record

Get leadership involved - Studies show that involving the board of directors in security decisions has a direct dollar correlation to decreasing the cost of a breach
