Editor’s Question: 2023-2030 Australian Cyber Security Strategy, what’s your view?

Editor’s Question: 2023-2030 Australian Cyber Security Strategy, what’s your view?

Pitched as a global gamechanger, the 2023-2030 Australian Cyber Security Strategy sees Australia as the world’s most cyber secure nation. What’s the view from the frontline?

Anthony Stitt, Regional Senior Director, Nozomi Networks

One of the key issues to address is visibility over deep, widely connected networks with so many devices potentially talking to each other.

All too often, IT and operational technology (OT) networks run together on the same flat network. For these organisations, many are planning segmentation projects, but they are complex and disruptive to implement, so in the meantime organisations want to understand what’s going on in these environments.

What’s really positive to see is that organisations are more willing than ever to get their foot in the door. They understand there’s a lot of work to do, but starting with some basic tools and monitoring capabilities can still make a huge difference and it starts the process of maturation.

Tim Hartman, Head of Solution Architecture, Australia and New Zealand, Infoblox

Infoblox welcomes the Government’s 2023-2030 Cyber Security Strategy and particularly its focus on real-time threat intelligence sharing, working in partnership with our neighbours, and raising all organisations’ and people’s cyber security posture to make the whole stronger than the sum of its parts.

Organisations face new threats every day but too often don’t speak up to partners, customers, likeminded businesses, or government intelligence, which leaves others to fend for themselves. The Strategy focuses cyber protection as a collective effort and greater intelligence sharing will help us subvert cybercriminals.

While there’s a journey to go to become the most secure nation in the world in seven years, there are some important quick wins organisations ranging from SMEs – which will have the benefit of the new cyber ‘health checks’ the Government has announced – to major enterprises and government agencies, can achieve now.

Sadiq Iqbal, Evangelist, Office of the CTO and Manager, Check Point Software Technologies

Many of the proposed reforms are in line with Check Point’s methodology, with a much stronger focus on threat-intelligence sharing between entities but also on blocking of threats, both in real-time and at scale, which eliminates the costly recovery exercise which eventuates when taking the cautious approach of detection only.

We would, however, like to see a more diverse grouping of cyber organisations involved. There is also an increased focus on cyber resiliency and the need to have incident response plans in place, and provided playbooks to recover from a ransomware attack, which a surprisingly large amount of businesses do not currently have and is very much necessary.

A number of ‘free’ initiatives have been proposed for small businesses, who have become one of the most targeted areas of late due to their lack of investment in cyber defenses. This is great if it can actually be delivered and we will be keen to see how the Government delivers on its promise to provide free cyber assessments and support to over two million SMBs.

Scott Hesford, Director Solutions Engineering Asia Pacific and Japan, BeyondTrust

As the paper highlights, ransomware is an ongoing threat that can have a significant effect on Australian businesses and consumers. While gaining greater visibility on the ransomware threat and how to respond to it is important, there are defences that businesses can put in place today that can mitigate the threat. We would like to see the government educate business leaders on these capabilities in addition to assisting with attack remediation.

There is an opportunity to build on the existing strategies in a world where the focus on identity being the perimeter continues to evolve and traditional ways of working apply far less.

Pieter Danhieux, CEO and Co-Founder, Secure Code Warrior

The lack of defined, mandated goals – coupled with fixed deadlines for implementation and compliance – are unlikely to provide the cohesive, upgraded approach to security best practices that we require to truly be a world-class contender for the time being. To make that leap, key goals with a reasonable deadline, for example, compliance with key security-by-design principles by 2027, would be a small hammer helpful in smashing the status quo.

Anthony Daniel, Regional Director – Australia, New Zealand and Pacific Islands, WatchGuard Technologies

The Federal Government’s allocation of an additional $600 million to combat cybercrime is crucial in the face of the rising number, speed and sophistication of cyberattacks.

At the same time, the mandatory reporting for hacked businesses will not only empower the government to respond effectively but also enable the creation of a more resilient cybersecurity ecosystem.

We also commend the government’s focus on protecting critical infrastructure which will contribute to the overall resilience of the nation against cyber threats.

We’re also encouraged to see a focus on national cybersecurity exercises. Simulating cyber threats and responses will help in identifying weaknesses, enhancing preparedness, and foster a culture of continuous improvement in the country’s cybersecurity posture.

Browse our latest issue

Intelligent CISO

View Magazine Archive