$230 million Cyber Security Strategy a warning beacon for businesses of all sizes and sectors

21 April 2016

A leading cyber security and technology risk specialist has welcomed the release of the Federal Government’s Cyber Security Strategy today and urged businesses to consider it a catalyst to review their own cyber resilience. 

BDO Risk Advisory Partner Leon Fouche said the strategy was the result of close collaboration between government and industry over the past two years to provide guidance on how Australia can become a cyber smart nation. 

“Key to this strategy’s effectiveness – and to the protection of all businesses – will be a recognition that cyber security is not just an IT issue but rather a business issue that requires ownership by the C-suite and understanding by all departments,” Mr Fouche said. 

“The Federal Government’s investment of $230 million to enhance Australia’s cyber security capability demonstrates the scale of the issue at hand and a clear focus on meeting the challenges of the digital age and protecting all Australians online.

“The strategy’s strong focus on collaboration and education also highlights the role every business can play. While the Federal Government is leading and innovating, businesses need to ensure their security practices are robust and up to date, and to better educate and empower employees to use sound online practices.

“Organisations should also look at the forthcoming designation of a Minister Assisting the Prime Minister on cyber security and consider how they might assign a similar responsibility to either an executive or management team.”

Industry collaboration as key

“While the Federal Government has taken a significant step in releasing its plan to mitigate cyber risks and to work closely with those organisations that operate critical infrastructure, it’s now time for each and every business to step up and play its own role in fighting cyber crime. Cyber safety is not a competition, and the strategy’s focus on collaboration – between government and industry as well as between organisations – is the correct one. Industry players of all types and sizes should be working together and pooling their knowledge and resources in order to defend their organisations, employees and customers against cyber criminals. A commitment to joint cyber security exercises will be critical in best preparing a collaborative response to attack across the public and private sectors and all industries.”

Voluntary governance health checks – just as important for SMEs

“The strategy’s recommendation of voluntary governance health checks for ASX 100 organisations certainly highlights the particular risks faced by these high-profile organisations. However, private, small and mid-sized companies make up the vast majority of the business community and can be just as vulnerable to cyber-attack, especially those with an online presence and less mature IT security measures in place. I urge all businesses, including SMEs, to undertake some level of self-assessment on a regular basis in order to understand their cyber risk exposure and their ability to respond to and recover from a cyber incident. While there are certainly technical mitigation strategies to address, again this is not just an IT issue, but a core component of business strategy. BDO’s own cyber security checklist, for example, outlines the importance of integrating cyber as part of strategic planning, new market entry and corporate risk management.”

Joint cyber threat sharing

“To defend against cyber criminals, it is imperative that all businesses work together to share information about cyber threats and the steps taken to defend against these. Currently, the most significant barrier for sharing threat information is the lack of a coordinated forum through which to do so and the ability to contextualise this into real and actionable threat information. Banking organisations have demonstrated that sharing their cyber threat information and lessons learned is the best way to help the entire financial sector become more cyber resilient. AusCERT, a not-for-profit member-based organisation, Telstra and various other technology vendors have developed capability to provide their members/customers threat information. The Federal Government’s call for joint cyber threat sharing centres and an online cyber threat sharing portal is a positive first step towards sharing timely and actionable cyber threat information.”

Boosting cyber skills and education

“The Federal Government’s commitment to increasing the number of its own cyber security specialists is another positive example for industry. Education and training, of both current and future employees, will be one of Australia’s most important defences against cyber criminals. To ensure we get it right, industry should be taking a much larger role in collaborating with academia, to advise on cyber strategy skills gaps and inform the curriculum across both IT and general business courses. Businesses should also be looking at ways to provide students with opportunities for industry involvement in order to provide real-life work experience, and to increasingly incorporate those with cyber skills into the workplace. As a professional services firm, for example, BDO is always looking to bring in graduates with a variety of new skills in order to boost its capabilities in emerging focus areas.”