The responses to Australian Federal Government’s cyber security Strategy announcement


Symantec comment on cyber security announcement

Symantec LogoIn light of the Federal Government’s announcement of their new national cyber security strategy on the 21st of April, Ian McAdam, Managing Director, Symantec, Australia and New Zealand, has provided the following comment on how the overall strategy is well positioned to strengthen Australia’s cyber defences:

“While the digital economy is opening up new opportunities for Australia to boost productivity and grow innovation, it has also made Australia one of the world’s most targeted countries for cyber-attacks, according to Symantec’s annual Internet Security Threat Report (ISTR).  With the incidence and severity of cyber security threats increasing across the country, Symantec supports the Australian Government’s Cyber Security Strategy.

The investment announced by the government demonstrates there is no one silver bullet that can protect our nation from cyber security threats. The government’s strategy to apply a multi-pronged approach across cyber security education, partnerships, research and development, and global awareness is an important step in helping to reduce cyber security threats.

Given the borderless nature of cybercrime, building  trusted partnerships with the private sector and other governments to share intelligence that tackles critical cyber risks will be critical to helping Australia stay on the offensive.”

WatchGuard Response to Australia Federal Government’s Cyber Security Strategy Announcement

WatchguardA response from Rob Collins, Technical Director – APAC, WatchGuard Technologies in relation to the Federal Government’s Cyber Security strategy announced on the 21st of April:

“The admission that the Bureau of Meteorology was compromised is a welcome change to the usual veil of secrecy around breaches of Government networks, especially when there is an expectation that businesses should be forced to admit their breaches. Acknowledging that cyber security is a problem for Australia won’t come as a surprise for the many businesses that have been struck by ransomware and financial fraud attacks that have really ramped up in the last 18 months.

“As a pre-sales engineer with various internet security companies over the years, I’ve preached the importance of strong cyber security too often to deaf ears.  Government agencies that are not taking advantage of the latest technologies like Sandbox malware analysis and layered security are leaving themselves vulnerable.  Hopefully, with these announcements and funding for education and establishing best practices, CEOs and CIOs will appreciate the need and budget for robust cyber security initiatives.

“IT security professionals understand that cyber warfare can be just as dangerous as a real war, with power stations, water treatment facilities and uranium purification processes all vulnerable to attack.”

Nuix Logo 3

Nuix highly commends Australian Government’s Cyber Security Strategy

Leading Australian technology company Nuix has gave the Federal Government’s Cyber Security Strategy a 10 out of 10 for its strong leadership, focus and range of initiatives to combat cyber-crime.

Nuix’s CEO, Eddie Sheehy, said careful thought and planning has gone into the strategy to develop a clear and integrated response to improve the nation’s cyber security position.

Nuix has also strongly welcomed the decision to appoint Australia’s first Cyber Ambassador as well as designating a Minister Assisting the Prime Minister on cyber security and appointing a Special Adviser on Cyber Security in the Prime Minister’s Department.

“This strategy is a robust and effective response to cyber threats, which are increasingly affecting the operation of many public and private sector organisations in Australia,” said Nuix CEO, Eddie Sheehy.

“It is essential that cyber-security is embedded across every organisational level to increase protection against attacks and this strategy strongly supports that approach.”

Nuix commends the strategy’s co-designed voluntary health checks and good practice guidelines, which will significantly help improve cyber security measures.

“We fully support the idea of co-designed health checks and tangible joint exercises to constantly test the defence measures for public and private organisations,” said Eddie Sheehy.

“Cyber-security is a never-ending journey, not a destination. The strategy’s approach will help improve cyber security protection measures so they are more relevant, up-to-date and effective on a daily basis, rather than a tick-box compliance exercise for organisations.

“It should also have an impact on changing people’s attitudes, culture and responses to cyber security which ultimately is everyone’s responsibility.”

As an innovative Australian global technology company, Nuix has welcomed the Prime Minister’s call to businesses and departments to further support home-grown cyber security capabilities.

Nuix looks forward to helping implement the strategy – working with Government, businesses and the research community.

“I am delighted to see the strategy has acknowledged that building our cybersecurity capability requires both individual responsibility and advanced technology,” said Eddie Sheehy.

“Cybercrime is a negative side-effect of our wonderfully beneficial connecting technology and networks. Technology must therefore be an underlying part of any solution.”

Cybersecurity Strategy announced – Quote from John N. Stewart, Cisco

Cisco Logo SmlAs you know, on the 21st of April, played a key role in Australia’s cyber-secure future as the Prime Minister & Cabinet has announced their cybersecurity strategy, based on a comprehensive review. (Full report can be downloaded here)

Cisco’s global cybersecurity expert, John N. Stewart, was one of the five experts selected by the PM&C to provide key recommendations on what the Government should do to ensure a cyber-secure future. Stewart and his team worked together across the US and Australia to provide a comprehensive 8 recommendations report that was submitted back in July 2015 (see a quick video presentation here).

Amongst the 8 recommendations, John N. Stewart and his team insisted on the importance for Australia to address the country’s cybersecurity challenges to drive economic growth, to build and maintain trust, as well as building skills, education and training.

Following this morning’s strategy launch speech by Malcolm Turnbull, in the presence of Ken Boal, Vice President of Cisco Australia & New Zealand, John N. Stewart has released the following comment:

John N. Stewart, Senior Vice President and Chief Security and Trust Officer, Cisco, says : “Digitization continues to be a driver of Australia’s economic transition, causing industry and government leaders to focus on managing risk, creating opportunities to differentiate, cultivating an IT service base that is globally competitive, and building trust. Cybersecurity can be that differentiator and business advantage.”

Please find here a quick video from John N. Stewart, as well as the presentation at a glance of the Cybersecurity Strategy announced on the 21st of April.

$230 million Cyber Security Strategy a warning beacon for businesses of all sizes and sectors

StrategyAtAGlance – Infographic BDO_LogoA leading cyber security and technology risk specialist has welcomed the release of the Federal Government’s Cyber Security Strategy and urged businesses to consider it a catalyst to review their own cyber resilience.

BDO Risk Advisory Partner Leon Fouche said the strategy was the result of close collaboration between government and industry over the past two years to provide guidance on how Australia can become a cyber smart nation.

“Key to this strategy’s effectiveness – and to the protection of all businesses – will be a recognition that cyber security is not just an IT issue but rather a business issue that requires ownership by the C-suite and understanding by all departments,” Mr Fouche said.

“The Federal Government’s investment of $230 million to enhance Australia’s cyber security capability demonstrates the scale of the issue at hand and a clear focus on meeting the challenges of the digital age and protecting all Australians online.

“The strategy’s strong focus on collaboration and education also highlights the role every business can play. While the Federal Government is leading and innovating, businesses need to ensure their security practices are robust and up to date, and to better educate and empower employees to use sound online practices.

“Organisations should also look at the forthcoming designation of a Minister Assisting the Prime Minister on cyber security and consider how they might assign a similar responsibility to either an executive or management team.”

Industry collaboration as key

“While the Federal Government has taken a significant step in releasing its plan to mitigate cyber risks and to work closely with those organisations that operate critical infrastructure, it’s now time for each and every business to step up and play its own role in fighting cyber crime. Cyber safety is not a competition, and the strategy’s focus on collaboration – between government and industry as well as between organisations – is the correct one. Industry players of all types and sizes should be working together and pooling their knowledge and resources in order to defend their organisations, employees and customers against cyber criminals. A commitment to joint cyber security exercises will be critical in best preparing a collaborative response to attack across the public and private sectors and all industries.”

Voluntary governance health checks – just as important for SMEs

“The strategy’s recommendation of voluntary governance health checks for ASX 100 organisations certainly highlights the particular risks faced by these high-profile organisations. However, private, small and mid-sized companies make up the vast majority of the business community and can be just as vulnerable to cyber-attack, especially those with an online presence and less mature IT security measures in place. I urge all businesses, including SMEs, to undertake some level of self-assessment on a regular basis in order to understand their cyber risk exposure and their ability to respond to and recover from a cyber incident.  While there are certainly technical mitigation strategies to address, again this is not just an IT issue, but a core component of business strategy. BDO’s own cyber security checklist for example outlines the importance of integrating cyber as part of strategic planning, new market entry and corporate risk management.”

Joint cyber threat sharing

“To defend against cyber criminals, it is imperative that all businesses work together to share information about cyber threats and the steps taken to defend against these. Currently, the most significant barrier for sharing threat information is the lack of a coordinated forum through which to do so and the ability to contextualise this into real and actionable threat information. Banking organisations have demonstrated that sharing their cyber threat information and lessons learned is the best way to help the entire financial sector become more cyber resilient. AusCERT, a non-for-profit member based organisation, Telstra and various other technology vendors have developed capability to provide their members/customers threat information. The Federal Government’s call for joint cyber threat sharing centres and an online cyber threat sharing portal is a positive first step towards sharing timely and actionable cyber threat information.”

Boosting cyber skills and education

“The Federal Government’s commitment to increasing the number of its own cyber security specialists is another positive example for industry. Education and training, of both current and future employees, will be one of Australia’s most important defences against cyber criminals. To ensure we get it right, industry should be taking a much larger role in collaborating with academia, to advise on cyber strategy skills gaps and inform the curriculum across both IT and general business courses. Businesses should also be looking at ways to provide students with opportunities for industry involvement in order to provide real-life work experience, and to increasingly incorporate those with cyber skills into the workplace. As a professional services firm, for example, BDO is always looking to bring in graduates with a variety of new skills in order to boost its capabilities in emerging focus areas.”

CyberArk Response to Australian Federal Government’s Cyber Security Strategy Announcement

Cyberark Logo“The government’s announcement of a $230 million investment in its cyber security strategy will support the overall raising of awareness of the problem of cyber security and opportunities for Australian security skills development.

“At the same time, it appears that the confirmation by the government that the attack on the Bureau of Meteorology was indeed the target of a cyber attack provides compelling evidence that governments need to make a fundamental shift in their overall security strategies.

“Historically, many government agencies have simply failed when it comes to the basics of passing Security 101, including patching servers, implementing regular system updates, and tightening controls around privileged accounts and administrator credentials.  A recent survey by Dimensional Research* found that 43% of executive teams in government don’t receive regular security reports and metrics to evaluate the effectiveness of their programs.  At the same time, 75% of IT security professionals cite budget as a barrier to proper security.

“It must be remembered that in almost every breach that occurs, whether in a government agency such as the U.S. Office of Personnel Management or at the Bureau of Meteorology here in Australia, it is eventually revealed that privileged credential theft or misuse was involved. Once attackers gain initial access to the network, they can exploit privileged credentials to enable them to move laterally across the network. This process often includes conducting undetected reconnaissance for long periods of time, and the theft of sensitive data.

“To be successful at warding off future cyber attacks, Australian government departments and agencies need to design their security strategies from the inside out, taking the view that attackers may have already found their way into the IT infrastructure.

“The bottom line is that powerful, privileged credentials, sometimes termed the ‘keys to the IT kingdom,’ must be securely locked down, controlled and continuously monitored. This will limit lateral movement within the network, thereby enabling organisations to contain the attack and lessen damage.

“By taking this proactive, inside-out approach to network security focused on securing access to the organisation’s most sensitive data and information, departments and agencies can be more confident about mitigating the risk of a devastating breach that could potentially bring every day operations to a grinding halt.

“We believe the Australian government is well positioned to play a leadership role in helping raise awareness about cyber security risks and provide the resources needed to help enterprises and government agencies develop robust, proactive IT security strategies, including greater access to education and training.  The announcement is very encouraging for the community.”

* “The Gap Between Executive Awareness and Enterprise Security” survey was conducted by Dimensional Research.