Australians may not realise it but we are at the forefront on cybersecurity research and development. If you visit Silicon Valley, you're likely to hear an Australian accent before an American one. That's where AustCyber's CEO Michelle Price started when talking about the security of everything during the opening keynote of the CSO Roadshow.
We're now at a transition point, Price said, where we are recognising the breadth of reach that cybersecurity has in our businesses and the economy.
"Cybersecurity, which we're rapidly referring to as cyber-resilience, is one of the few true horizontals in the economy".
It cuts across every sector to deliver economic benefit. Without it, industry can't prosper.
Price noted that 96% of the Australian economy rests in the small to medium business sector. She described this as Australia's "sleeper advantage". As we are engaging in more digital transformation we are becoming more agile. And the small business sector is best placed to take advantage of these changes. But there is a challenge.
"What we are not very good at is working together," said Price.
Over the next decade, about $1T will be spent on cybersecurity in our part of the world. That's a massive incentive, said Price, for us to get better at working together and collaborating so that we can gain a large slice of that pie. But that will take a national approach to cyber defence and resilience.
"When you bring those two things together [that being the need for cyber resilience and collaboration], magic will happen," she said.
Part of the challenge is that the modern supply chain is more complex than what we have seen in the past. Whereas the chain was once just three or four layers deep, she said the world is now far more complex. With data, information and knowledge now part of global supply chains, as well as physical elements, we can have supply chains that are dozens of layers deep.
Price said she recently saw an example of a supply chain that was 102 layers deep. Following an analysis by the organisation at the top of the chain, 97 of those layers were potentially vulnerable to compromise.
While malicious actors keep upping the ante, we can do the same said Price.
Our education system is adapting. We are developing the skills and while there's a concern that skilled people are leaving the country to work overseas, AustCyber is creating a connection back to Australia so those professionals being their increased skills and experience back to Australia. Rather than a brain drain, we are seeing a boomerang effect.
Price said we need to be more thoughtful about what we connect and how we connect things and people together. And while some talk about air-gapped systems, that's no longer possible (if indeed it ever was).
"The world of the physical and virtual being separated is outright wrong," said Price.
Humans are the connection point and threat actors are attacking them as well as systems and devices.
Securing "all the things" means we need to be thoughtful about what we connect. Cybersecurity and resilience is an investment that needs to be integrated, by design, into everything else. We need a sustained effort that's not just about stopping the bad, but also taking advantage of the good.