The 2020 Cyber Security Strategy Industry Advisory Panel Report – The Findings
On Thursday 6th August, the Australian Federal Government shared their 2020 Cyber Security Strategy for government agencies, business and the general public. A number of individuals and businesses were a part of the consultation process to help shape the strategy document we see today. Part of this group included an industry panel, who put together a comprehensive report of their findings and recommendations to the federal government. In this blog, Dane Meah takes a closer look at their findings.
The Cyber Security Strategy Industry Advisory Panel was formed at the end of November 2019. The aim was to provide an industry perspective of cybersecurity to inform the government’s revised security strategy. The panel was supported by submissions from a large group of industries covering a complete cross-section of the Australian economy, from technology and cybersecurity to mining and transport. Over eight months, the team has had formal briefings with various government stakeholders, gaining lots of valuable feedback to produce what is a well-considered document.
The Aim of the Industry Advisory Panel Report
The panel was put together to help inform the government as it looks to create a revised cyber security strategy this year. The panel worked on compiling a series of recommendations on best practices in cyber security. This involved taking existing and emerging security trends and threats into account, such as nation-state attacks. The key strategic priorities for the strategy were aimed not just at the government but also at enterprises. The idea was that the recommendations would help overcome the obstacles and barriers for the delivery of the strategy and account for the effect of any proposed initiatives on the economy. After all, while new regulations may be necessary to manage the potential threats, they can’t be so rigid that they have a detrimental commercial impact.
Principal Take-Aways from the Report
The report dives into a lot of detailed recommendations, which are certainly worth reading through. While many areas may be familiar, there are some new and poignant recommendations that could make a significant difference to Australia’s security strategy. Some of the pivotal recommendations that the panel makes include:
- Establishing clear consequences – cybercrime shouldn’t be allowed to go unpunished. The government should be empowered to go after the proceeds of the crime so criminals can’t defraud people without consequence.
- Implementing better risk management – this is a call out to both the government and private sector to identify risks and then apply the controls and strategies to mitigate them. The panel highlighted the need for better risk management within our businesses to address cyber security holistically.
- Leading by example – the government should be a shining beacon for what good looks like within cyber security. They need to demonstrate how programs can be implemented to manage the complexities of big legacy infrastructures and systems. And larger government departments should help the smaller ones.
- Building better security awareness – while awareness has improved since the original cyber security strategy in 2016, there isn’t a rounded approach. Instead of organisations having isolated strategies, they should work together to account for different demographics and users.
- Increasing threat sharing – the panel suggests that intelligence should be applied so that threats can be stopped at higher levels than an individual’s endpoint security (e.g. at a telco level, potentially blocking sites that are known to be malicious, meaning that individuals will not be able to access them from their home computers). The report looks globally, stating that other countries have implemented similar approaches with some success.
- Identifying key incidents that can occur – there should be well documented and rehearsed playbooks around what can happen in an enterprise during a cyber incident. Large-scale cyber response simulations should look at what happens if critical infrastructure goes down.
There is certainly a lot to cover in the report, 60 recommendations in total, but these are some of the key points. The panel recommends that threats to critical infrastructure, digital supply chains and systems of national significance should be addressed first, but the report addresses the full spectrum of cyber security threats that the country is facing.
How Can You Make a Difference?
The Australian government has a goal for the country to be a leading digital economy by 2030. To achieve that, there is an urgent need to step up cyber defences. The government needs to address highly sophisticated threats that target critical infrastructure, but also smaller activities which target vulnerable groups.
Ultimately, the only way to look at cyber security is as a team. Whether you work within the government, own a large enterprise or small to medium-sized business, you have a role to play. We all have shared platforms, common customers, and, unfortunately, can all be a target of attacks. By sharing accountability and working together, we have a better chance of keeping Australians safe and delivering the security settings we need to grow and prosper.