How did you end up in your current role, and what attracted you to the industry?
I have been working in the IT Security industry for over 20 years now, and more than 8 of those years with SafeNet/Gemalto. In 2015 I had the opportunity to relocate to Australia to head up and drive the growth ambitions for Australia, New Zealand and the Pacific Islands. The IT Security sector is constantly changing, and in many aspects, it is this constant change and understanding how we can adapt to the latest threats that attracted me to the industry.
How has the increasing climate of governance and compliance changed your approach to security, and changed your engagement with board members and executives?
Regulations are put in place as either guides on best practice or as fully enforceable regulations with penalties for non-compliance. Personally, I feel that regulation is a necessity as it helps provide guidance and direction to organisations and allows for greater protection as consumers. Without regulations, organisations tend to focus on their core goals without taking into consideration the regulatory landscape from a global perspective. It’s important these organisations consider this, including senior executives.
What do you see as the biggest gaps in the functionality of current cybersecurity technologies?
Cybersecurity threats are constantly changing, so your technologies need to be able to adapt. Having a strong ecosystem of supporting vendors that enable you to create a defense in depth approach but also looking into new fields such as Artificial Intelligence and Machine Learning can also add insight into how to adapt.
How has availability of cloud-based services changed the way you deliver your solutions?
I look at the cloud as an enabler, to level the playing field. Gone are the days in which only the largest and well-funded companies could afford hardware and software. Now you can rent the services you need for as long as you need them. As an organisation, we have adapted to this over the last decade, becoming one of the first organisations to offer a fully cloud-based identity solution to replace passwords, known as SafeNet Authentication Service. This service has been adopted by companies varying from five users to millions of users.
How has increasing regulation changed your security priorities and those of your customers?
Historically I think we all had islands of security, but as we move more and more into a digital world, protecting data is the most important thing any company should do.
What security threats do you see as most problematic over the next year?
Identity protection remains to be the weal point for many companies, so this needs to be addressed as a priority. Encrypting important or sensitive data is crucial – if cybercriminals can gain access then they can access the data, so both need to work in parallel.
What are the ethical implications of just doing the bare minimum when it comes to cybersecurity
We all have a duty of care to the treatment of important data, but often the need to reach an outcome overrides the ethics of security. Organisations have a responsibility to address this by upholding a code of ethics that clearly defines their rights and responsibility over all data within their possession. Good data ethics isn’t just about setting the right standards, or rules of conduct. Businesses have a greater responsibility to build a culture where ethics is the rule rather than the exception, where decisions on data are governed by empathy and decency – rather than personal or corporate interests.
What do you think is the real impact for organisations who experience data breaches, including on their bottom line?
Initially the overriding impact is to the reputation of the company, especially if they are notified about the breach by an external 3rd party. This initial realisation may have only a small impact on the bottom line, but as more information is released, this can have a significant impact over the long term. Recent GDPR penalties demonstrate this.
What impact do you think government involvement in cybersecurity will have on the industry’s development in the future?
We are all aware that nation states sometime participate in cyber war games with each other and as such, they learn and adapt. In 2016 the Government released Australia’s first Cyber Security Strategy which included an initial investment of AU$230 million. Some of this investment has gone to address the acute shortage we have in cybersecurity capability by creating Academic Centres of Cyber Security Excellence. These are good examples of where Governments have positive influence.
What is the best way to win over users so they help cybersecurity efforts rather than hinder them?
It’s important to educate users and reinforce best practices regularly. Educate users using pictures not words, include them in cyber working groups, and review some real breaches at a high level so it is understood and remembered.