Protecting the New Frontier
After 12 months of regular meetings, it is with great pleasure that I launch the final report from the GAP Taskforce on Cyber Security. The report covers discussions facilitated by Global Access Partners where industry representatives and security experts deliberated on the scale of the cyber threat to Australia.
The recommendations that come from these meetings include public and private sector measures to understand the unprecedented scale of the cyber criminality and the need for simple but comprehensive precautions to protect the nation and its citizens.
Cyber attacks on Australian agencies, businesses and individuals continue to escalate in number and severity. Their increasing sophistication may grab the headlines, but the failure of some individuals and firms to maintain even the simplest of cyber security measures lays at the heart of many recent breaches.
While simple steps to maintain cyber security may incur some cost in terms of time and convenience, the failure to update software, change passwords or secure access leaves too many Australian firms open to exploitation and potentially crippling losses of data, money and reputation.
The report offers a number of high-level recommendations for government, business and academia to improve the security of systems on which an ever-greater proportion of commerce and social activity depend.
The Taskforce called for the application of internationally agreed standards and protocols, including ISO/IEC 27000, in business plans and voluntary codes of conduct and the regular cyber-audits of firms to ensure their compliance.
The group also advocated for the introduction of a rigorous accreditation system to improve the licensing and regulation of technology personnel.
Better cyber education for all Australians is necessary. Children in schools, small business owners and top company executives need training in simple but effective ICT security measures and their integration into all online activities.
Taskforce members called for government support for new research to quantify the nature, scale and impact of cybercrime in Australia and to better understand the human behaviour which leaves technology open to attack.
New ways to contain and tackle international cybercrime must also be found, as the borderless nature of such activities render traditional notions of domestic crime fighting obsolete.
Digital connectivity has transformed business operations and society itself in recent years, but the threat of state and industrial espionage, criminal fraud, ransomware and identity theft threaten to undermine public faith in digital transformation.
The Taskforce recommended creating a single home affairs portfolio or strengthening the role of the Attorney-General to assume responsibility for all cyber security activities, as several government agencies are currently operating in silos.
Cybercrime can affect every Australian business and individual, and so every firm and citizen needs to know how to protect themselves. The Taskforce called for better coordination of cyber security awareness campaigns and a stronger role for the government in encouraging Australian businesses to embed cyber security within every aspect of their operations.
Is your business safe? If not, read on.
Catherine Fritz-Kalish is the co-founder and Managing Director of Global Access Partners (GAP) and Director of the International Centre for Democratic Partnerships (ICDP) and ICDP Foundation. She also holds Board positions for a number of not-for-profit organisations.
Alan Stevenson
December 23, 2017 at 3:27 pm
Catherine is, of course correct in all that she says regarding cyber security. The concept of agreed standards, protocols, cyber audits and an accreditation system are ideals. However, in all the (small) organisations I have worked in these are pie in the sky – they have no hope whatsoever in getting off the ground. We are dealing with people who do business face-to-face or by telephone – the very concept that they might be at risk simply does not enter the equation. Big business is equally at fault where the person in charge of the system is not a board member. Generally speaking, where the program manager is a director and can therefore keep the others informed the system is relatively safe, otherwise sales and marketing comes first with everything else a poor second.
I can understand and empathise with Catherine on this one. However, human nature being what it is . . .