Darren Kane, Chief Security Officer at NBN Co, recently joined McGrathNicol Advisory Technology & Cyber Partners Blare Sutton and Shane Bell for an FCX webinar to review the Federal Government’s Australian Cyber Security Strategy 2020. Darren was a member of a six person Cyber Security Industry Panel established by the Government late last year to advise on the development of the strategy.
In FY20, the Australian Cyber Security Centre responded to 2,266 cyber security incidents, a rate of almost six per day across all sectors, with 35% of those attacks involving the Government sector. It is estimated that cyber-crime could be costing the economy $29 billion per year (2% of GDP)[i].
The panel identified five key pillars for cyber security:
The Australian cyber security landscape is changing. There is an increasing threat of cyber-attack by nation states, sponsored actors and organised criminals (and the use of the ‘dark web’ in those contexts), organised criminals are using encryption to hide their identities and, in recent months, cyber criminals have exploited the significant rise in online transactions resulting from the COVID-19 response.
In light of the jurisdictional challenges of multi-jurisdictional cyber incidents, taking action to ‘disrupt’ cyber-criminal activity is an important cyber security alternative where investigation is not possible. However Darren noted the panel’s view that rigorous investigation and prosecution should be pursued where feasible.
Key elements of the cyber-security strategy include:
- Increased investment in defending and investigating cybercrime ($1.67 billion over 10 years);
- Promoting a shared responsibility between Government, Business and Community;
- New ways to investigate and shut down cybercrime;
- Stronger defences for Government networks and data;
- Resources to enable SMEs and consumers to increase their awareness of cyber threats and become more cyber resilient;
- 24/7 cyber security advice hotline for SMEs and families;
- Improved community awareness of cyber security threats; and
- Establishment of a Standing Industry Advisory Committee.
Going forward, cyber security must be viewed not only as an organisational responsibility but also as an individual responsibility.