Technology builds the digital economy – yet, cyber security functions as a key pillar that helps it thrive. This fact has become even clearer this year throughout Australia with the recent escalation in cyber security threats – an intensification in the frequency and sophistication of attacks that has been felt across the country by the government, corporate organizations, and individuals.
Watching this happen during a global pandemic underscores the reality that – in good weather as well as in bad – as long as businesses continue to thrive, we will need to continue fighting cyber crime.
The global pandemic underscores the reality that - in good weather as well as in bad - as long as businesses continue to thrive, we will need to continue fighting cyber crime.
Australia’s Digital Trust Report 2020 estimates that a four-week interruption to digital infrastructures resulting from a significant cyber incident could cost the economy $30 billion AUD (1.5% of Australia’s Gross Domestic Product) and affect around 163,000 jobs.
The key question is how best to minimize this type of risk. In the era of COVID-19, it may be appropriate to draw a comparison between how we deal with cyber crime and how we protect ourselves from the coronavirus.
Perhaps more than any other time in recent history, we have been absorbed this year with finding ways of ensuring our own safety, the safety of our families, and our broader surroundings. A similarly vigilant approach needs to be adopted in the cyber sphere to ensure the safety of digital, hyperconnected businesses.
Yes – there is no single vaccine that may make us 100% immune to cyber crime. But we should do whatever is possible to minimize exposure and reduce risk. This awareness and care should become embedded in the routine of our daily lives – what we call the “New Normal.”
Australians are being targeted by a range of different groups that vary in their intent and sophistication. These include:
Protecting ourselves requires adopting a more sophisticated approach to cyber security that leverages capabilities such as automation and data analytics.
Protecting ourselves requires adopting a more sophisticated approach to cyber security that leverages capabilities such as automation and data analytics.
Moreover, the fight against cyber crime must involve all sectors: The government, private businesses, and individuals each play a role in creating a cyber safe environment.
Since the onset of COVID-19, Public Private Partnerships (PPP) have been key to successfully mitigating emerging cyber threats around the world. By sharing intelligence and expertise on recent trends as well as providing technical assistance, private sector companies serve as valuable partners for law enforcement agencies.
The Australian Cyber Security Centre (ACSC) is leading the Australian Government’s efforts to improve cyber security. ACSC was set up with the objective of helping make Australia the safest place to connect online.
The Australian Government’s vision is to create a more secure online world for Australians, their businesses, and the essential services upon which we all depend. According to Australia’s Cyber Security Strategy 2020, the Australian Government plans to invest $1.67 billion over ten years to achieve the vision of a safer digital world for businesses and individuals.
On September 6, 2019, the Australian Government released a public discussion paper, “A call for views,” to give every Australian a say in the development of this strategy. As summarized in Australia’s Cyber Security Strategy 2020, the following key themes were raised during the consultation process:
While the government does its part in sharing threat information, strengthening information security partnerships, and holding cyber criminals accountable – private organizations need to take the necessary steps to keep their own businesses, intellectual property, and customer data secure.
As attacks increase in sophistication, security operations also need to be enabled with technology advancements such as robotics, Big Data and automation.
A traditional security operations center (SOC) used to have a SIEM with an event collector, a correlation engine, and a SOC team actioning the alerts that were received. However, this system has been beaten by cyber criminals – with their increased speed, agility, and sophistication.
And making this even more challenging is the fact that obtaining skilled cyber security professionals remains the top challenge nationwide.
What organizations need today is an intelligent, next-generation SOC with tools and technologies to combat cyber criminals. The key components of a smarter SOC include:
What organizations need today is an intelligent, next-generation SOC with tools and technologies to combat cyber criminals.
Within any large organization, the Chief Information Security Officer (CISO) generally is responsible for security operations. But that’s only one part of the CISO’s job.
Another critical aspect of the CISO’s work is involving tying cyber security risks to business risks. The ability to assess and share the level of business risk facilitates better communication with the board.
This process also helps identify gaps, define priorities, and ensure the right strategy is in place to protect an organization’s crown jewels. Here at CyberProof, for example, we utilize a framework called the MITRE ATT&CK and leverage a “Use Case Factory” approach to build and maintain end-to-end traceability of the business risk.
And while cyber security is a never-ending battle, we believe that it is possible to “claim victory” by keeping any potential losses below an acceptable limit defined by the business and being ready to respond if and when an attack occurs.
If you are concerned about the robustness of your organization’s cyber security operations and its ability to protect itself from cyber attack or would like to speak with one of our experts, contact us today. We are here to help!