
Microsoft explores Australian CISOs' most common problems in cybersecurity

06 Mar 2018

Australia needs at least another 500 cyber graduates to meet existing demand for cybersecurity, and CISOs are tackling the shortage with a variety of methods that don’t necessarily require a background in computer science.

That is just one of the revelations from Microsoft’s report titled Navigating the new cybersecurity threat landscape, which analyses common trends and issues in Australia’s security sector.

According to the Australian Cyber Security Centre, 90% of companies listed on the ASX have experienced a data breach and overall, cybercrime costs the economy up to $17 billion per year.

With statistics like those presenting a stark warning to Australian businesses, Microsoft brought together a group of CISOs from organisations including Telstra and the Department of Human Services (DHS).

The aim was to discover how cyber threats affect businesses and how they are tackled. The discussion also looked at how businesses are finding and retaining cyber talent in a highly competitive market; how a stronger public-private partnership can benefit everyone; and how security is discussed in the boardroom.

The report found that in addition to the 500 graduates Australia needs, CISOs are doing their best to implement graduate training programs and branching out to hire a mix of talent.

Telstra hires approximately 50 graduates every year. After finding that it was difficult to integrate security skills with network teams, the company now embeds professionals in those roles. Telstra says it’s a better solution, but there’s still work to do.

The Department of Human Services also faced the stark reality that there weren’t enough trained security graduates in Canberra to meet its requirements. It chose to recruit people straight from school and train them internally.

“Some of our best hires have been people coming out of the Australian Defence Force. These people are strategic thinkers, they have built-in loyalty and they bring a host of other skills that are hard to measure in aptitude tests,” adds DHS CISO Narelle Devine.

DHS’ cybersecurity team also brings together psychologists, lawyers and politics graduates. For education and awareness, a person with a communications major was a better fit, rather than a person with a major in cyber.

“It will probably be two years before we know if this strategy is going to work. We know people will leave because these roles are in high demand but we did the maths and we’ll be ahead if we can keep one in three of those going through training.”

The report also states that the cyber threat landscape in Australia puts phishing attacks, user error, the Internet of Things, and threat groups like the Shadow Brokers at the forefront of emerging threats.

ANZ Banking Group CISO Steve Glynn believes that tracking the number of people who click on a phishing email measures the wrong metric.

“We should be focusing on the number of people who report a phishing attack because that turns everybody into a potential early warning system like canaries in a coalmine. That’s a cybersecurity metric we’d all like to see increasing,” Glynn says.

Queensland Health CISO John Borchi is concerned about the Internet of Things in the medical space. Managing the network of critical devices is getting more difficult as healthcare moves out of controlled hospital environments, he says.

DHS is concerned about threat groups and their potential appetite for destruction.

“Everything is moving so quickly but my biggest concern is that The Shadow Brokers are sitting on some clever stuff right now and just waiting to pull the trigger. Some of the global attacks we’ve seen recently were really unsophisticated. What’s coming next?” Devine asks.

The report claims that Australian CISOs are well connected. Devine says that she talks to other CISOs every day – a statement that challenges the common perception that competing organisations don’t share information with each other.

The Australian Cyber Security Centre will move to a purpose-built facility this year – a move that will foster greater collaboration.

“At its best, security is a team sport, and everybody needs to be part of the solution. They should participate in their own rescue and security should be a celebrated part of organisational culture,” comments Microsoft’s VP of strategic, enterprise and security, Ann Johnson.

While Australian boardrooms may be bringing cybersecurity to the table, some board members still don’t understand cyber.

The report suggests that communication is a major part of tackling breaches. Quick and clear response is crucial, even when organisations don’t have all the answers. Incident response plans are important for communicating with staff, customers, partners, media and stakeholders.
