Supercharging Australia’s digital trade through cyber security

| November 9, 2018

Data is now a more valuable commodity than oil or gold and the main driver of value in economic activity. However, this means it attracts the attention of criminals as well as legitimate organisations, and better steps must be taken to safeguard it. The structured, compliance-based systems of networks and processes which developed countries rely on are being used by criminals and hostile nations to wipe huge amounts of value from the global economy. 

Around $17 billion is lost in Australia every year through criminal exploitation of poor cyber security, while some reports estimate a trillion dollars is lost to the global economy in total. An extra trillion dollars of global wealth could achieve many things, and the majority of that value is lost from a handful of economies, most of them in this region.

Cyber resilience and cyber security are different but related concepts. Breaches of cyber security hit the headlines every day, as the media loves a sensationalist news story, but this coverage has had a positive effect by bringing cyber security into the Australian consciousness.

Cyber resilience is a broader concept and focuses on how we respond to and recover from a malicious cyber incident. The development of cyber protection services could drive significant economic value for Australia, while its implementation should improve productivity and efficiency in the economy and society as a whole.

While it is often claimed the world has never been more dynamic and complex, similar eras of rapid change have occurred several times before. The difference today is that innovation occurs in the new, and entirely digital, domain of cyberspace. It creates unlimited room for creation and innovation, but also a playground for criminality.

It may take 30 years for society to understand and inculcate the changes cyberspace will create. The internet itself is only 30 years old and owes its origins to researchers in in the US who wanted to communicate about their research in a more efficient way. Their concepts quickly replicated, like a virus, and grew into the modern web of today.

While people take the internet for granted today, policy makers are still grappling with digitisation and the ways the physical world collides with the digital. Accelerating technological change is being exploited by criminals before safeguards can be developed and deployed, while Western democracies are being undermined through cyberspace by hostile nations.

Cyber attacks have moved beyond major companies and government agencies to undermine the fabric of entire nations and the rules-based order on which governments, businesses and citizens rely.

Our inability to keep pace with technological change gives criminals a wealth of networks and systems connected to each other to exploit.  Dozens of women are killed every year after former partners acquire details of their whereabouts on the dark web and hunt them down.

Australia has already fallen behind some of its competitors in terms of developing cyber protections. Other countries have realised the potential of cyber security to boost economic growth, and data from multiple sources suggests the market is growing by an average of 9% per annum, outstripping most others.

The Indo-Pacific, however it is defined, is the fastest growing region in the world, and AustCyber research suggests the region will spend a trillion dollars on cyber security products and services over the coming decade.

Cyber is a whole-of-business risk

Risk has opportunities as well as downsides and firms must think about cyber security to generate gains as well as avoid losses. Despite the losses caused by cyberspace attacks, Australia can reap larger benefits by exporting cyber security services as well as using them to defend the nation and its citizens.

Every part of the economy and society must embrace cyber resilience, as they are all part of the digital revolution or directly affected by it. Businesses must see cyber attacks as a whole-of-business risk, rather than merely an IT problem.

Malicious actors often ‘phish’ to steal employee identities and impersonate them to gain illicit access to organisations. Technology has blurred the boundaries between home and work, and so employees must be careful to avoid dubious links and guard their identity in their private interactions as well as in the workplace.

Social networks such as LinkedIn can connect people with others they do not know, and the popularity of ‘BYOD’ means that compromised devices at home can infect the workplace as well. One ‘phishing’ expedition undertaken three years ago infected an Australian organisation with malware that was only discovered recently. These technological ‘sleeper agents’ means that compliance alone is not enough to protect organisations.

Some Asian nations already require foreign firms to demonstrate they have cyber security embedded in their organisation before trade can commence. Some firms ask to see how a prospective supplier would respond to a malicious entity gaining access to their data systems. Australia remains a soft target for malicious activity for as long as its business sector remains complacent about the risks.

All agencies and companies must accept they will be compromised by malicious nation-state actors or criminals at some point. They must therefore develop cyber resilience procedures to respond and recover when cyber security fails. Major data breaches are not confined to high-profile American firms, and many Australian organisations have suffered breaches, not legally required to report until this year.

Earlier this year, Australian recruitment company PageUp responded well after being compromised, yet still lost corporate customers. Casting blame in this way is not helpful, and all stakeholders should accept a measure of responsibility and support each other when one is affected, just as people do during a natural disaster.

Stakeholders should learn from the experience of partners and use those insights to prepare for when a similar misfortune affects them. The more resilient a nation becomes, the less of a target it will be for otherwise unsophisticated criminals who buy and use malicious hacking tools from the dark net.

As a relatively wealthy nation, Australia should help its Pacific and Asian neighbours to improve their security and resilience, as this will improve the region’s ‘herd immunity’, just as high vaccination rates help societies combat disease.

Better security measures increase the cost of criminal activity, although malicious individuals, groups and nations can still buy military grade hacking tools from the dark net to potentially bring down hospitals, electricity grids and even aircraft from the sky.

Every policy on digital growth must account for cyber risks as well as the opportunities created by cyber resilience services. AustCyber is uniquely placed as a government-funded, non-profit body to help build sovereign capability, target research funding and improve education.