014
FROM THE INDUSTRY INNES WILLOX – Chief Executive Australian Industry Group
Australia’s 2020 Cyber Security Strategy underscores risks to businesses Cyber security threats continue to be a growing and evolving risk management issue for many businesses, with news about data breaches and ransomware attacks becoming more mainstream. What used to be considered a ‘niche’ issue is now well and truly an issue for boardrooms and senior management. Experts recognise that cyber attacks are not a matter of “if” but “when”. The intensity and volume of attacks makes us all vulnerable.
chain members, companies need to look beyond production capability and credit risk and ask detailed questions about cyber security preparedness.
The Government has stated that cyber security incidents cost Australian businesses up to $29bn each year, with almost one in three Australian adults impacted by cybercrime. Just last month, in releasing its inaugural Annual Cyber Threat Report (July 2029-June 2020), the Government revealed the Australian Cyber Security Centre (ACSC) is receiving almost 60,000 reports a year – or one every 8.8 minutes.
It is very timely, therefore, that in August the Government released its 2020 Cyber Security Strategy, highlighting that it is now more critical than ever for closer collaboration between governments, businesses, other organisations and the community to address our mutual concerns and interests.
And with more people working from home in light of the COVID-19 pandemic, there are new risks. Australians are becoming increasingly reliant on the online environment, making it even more essential that we are all adequately protected against cyber crimes and related threats (check out the ACSC’s tips for when working from home at: tinyurl.com/y2wthl4v). Ai Group’s membership represents a diverse range of businesses, of many sizes and from many sectors, and COVID-19 has highlighted to us how many of these businesses are essential to our economy. Digital technologies have been a key enabler for such businesses to remain open and sustainable. These businesses contribute to our sovereign industrial capability, our various supply chains, and critical infrastructure and services. Now, amid a pandemic-driven recession, businesses are facing challenges greater than any in living memory. The pandemic has also highlighted broader economic vulnerabilities, raising questions about the scope of our domestic capabilities and resilience of global supply chains. This unstable environment presents an opportunity for industry to emerge more globally competitive by taking fuller advantage of Industry 4.0 and digitalisation. Various Government announcements, including building our sovereign industrial capability, should contribute to our economic growth and resilience. But to ensure that businesses can make the most of these opportunities, we need to ensure that businesses are equally cyber secure and resilient. As AustCyber – the Australian Cyber Security Growth Network – has stated, cyber security is a function of insurance for a resilient economy, and cyber security is a shared responsibility for everyone. In June the Government made an announcement about malicious cyber activity against Australian organisations during this pandemic. It was a sobering reminder that businesses and the community need to be vigilant at this time of increased geopolitical tensions and with our changed work practices. In light of growing public awareness and government scrutiny of data privacy and rights, which may arise from cyber security incidents, it is also important that businesses ensure that they are adequately meeting consumer and government expectations and levels of trust. All Australian organisations should be alert to cyber security threats and take appropriate steps to build resilience into their systems, networks, supply chain and partners. When assessing supply
AMT OCT/NOV 2020
The Strategy includes a $1.67bn commitment over the next ten years to invest in initiatives to help strengthen Australia’s security. There are several positive funding commitments directly targeted at supporting and working with industry. These are aimed at: • Enhancing incident response procedures. • Improving information threat sharing. • Strengthening cyber security partnerships. • Improving critical infrastructure security. • Uplifting cyber security of small and medium-sized enterprises (SMEs). • Growing a skilled workforce. • Supporting R&D industry partnerships. • Enhancing access to guidance and assistance on cyber security. There are also actions for governments, businesses and the community to address various aspects of cyber security, which will need to be properly worked through with stakeholders. This includes reforms such as the critical infrastructure security reforms. Other activities that have flowed from this Strategy include the Department of Home Affairs’ recent release of its Voluntary Code of Practice: Securing the Internet of Things (IoT) for Consumers (https://tinyurl.com/y3qwdkuc), as well as the ACSC’s tips for securing IoT devices (https://tinyurl.com/yxpymf27) and guidance for manufacturers (https://tinyurl.com/yxjamkhg). Just as no company is immune from cyberattacks, managing risk is not beyond the scope of most companies. The ‘Essential Eight’ outlined by the Australian Signals Directorate (https://tinyurl.com/ y3ujzcvn) is a set of strategies to mitigate cyber security incidents that will protect companies from 80% of risks. This includes: • Mitigating known application control bypass techniques. • Raising the bar for less mature implementations of application control. • Expanding the scope of application control for servers. • Correctly identifying less mature approaches to testing restoration of backups. • Increasing the frequency of testing restoration of backups. We encourage businesses to pay close attention to these recommendations, and to the important range of Government initiatives designed to strengthen our resilience. It is crucial to seek the best advice possible, particularly given our current vulnerability.
