Sector training, further investment required in Australian Budget - A/NZ cybersecurity vendors
There needs to be greater assistance for businesses to protect their employees and intellectual property with better tech solutions requires to support Australian security.
That's according to Jim Cook, ANZ regional director at Attivo Networks, in response to the Australian Government's 2021 Budget announcements this week.
"There is much work to do in Australia in terms of budgeting for cybersecurity. The world is changing, borders are strengthening and nation states are using the internet to gain access to secrets," he says.
"The US recently pointed the finger at some Russian organisations for the devastating SolarWinds attacks. We will no doubt see more of this in the years to come and the Australian government is prudent in its budget decision to continue investing in cybersecurity defences, although interesting that there is more budget available to promote electronic billing than there is for cyber.
"However, it would be great to see better assistance for businesses of all sizes to protect their employees, customers and assets."
Cook says budget funding, awareness and technology solutions are "sorely needed" today to support Australian business cybersecurity.
"It is unrealistic to expect small businesses owners to stay on top of the cyber threat so making it easy and cost effective to access commercial organisations who can manage their security for them is critical," he says.
"More tax incentives would certainly lift the priority in business owners minds and it's important to remember that small organisations often service larger ones and have direct connections into them."
Cook says this can be seen as a weak link in supply chain security and so SMBs should be considered to be as vulnerable and critical as larger organisations.
"For larger organisations, the continued focus on holding the board accountable for loss of customer data and providing a framework of controls against which the organisation can be audited has proven to promote a better level of behaviour and investment," he says.
Cook says at the same time, demand for cyber security skills needs to be satisfied with new talent entering the ranks of the industry.
"Funding is sorely needed to remove the hoodie wearing image of cyber, attract those already in IT to consider a move across to cybersecurity as well as encourage more women and those living in remote communities to consider a career in this exciting sector," he explains.
"As Australians, we can't rely on importing overseas talent to fill the demand so we must invest in our own or risk being vulnerable to attack."
The Government has announced an investment of $50 million to boost government and data centre cyber security defences
Budd Ilic, regional director government, Zscaler, says that while this is significant, there still needs to be further investment.
"Particularly because of the escalating frequency of cyber attacks on not only government entities such as the two high profile attacks on the Department of Parliamentary Services but also among organisations that provide critical infrastructure in Australia," he says.
Ilic says there also needs to be an ongoing review of how effective the spending on cybersecurity has been in recent years.
"We now live in an agile, flexible and highly mobile world in which the applications and the users have "left the building". While the federal government in this budget has announced an upgrade of digital service delivery, the government needs to focus on provisioning the kind of secure and trusted connectivity to business information that is as comfortable and effective for mobile users connecting to information in the cloud as was the case when everyone was office bound and all applications and data lived in a government datacentre," he says.
"While the nature of connectedness has changed, so must the design and delivery of strategies and tools that bring both new flexibility as well as all of the security and confidence that people and organisations, especially governments, need and expect," Ilic says.
"We would encourage the government to focus on best of breed cloud-based cybersecurity strategies in order to deliver on an improved security posture for a more mobile workforce and a better digital platform.
"This will ultimately deliver service improvement across the public sector whilst ensuring a higher level of security," he says.
Ilic says the government should continue to invest in developing local cyber skills and talent.
"This is one area of IT where there is a significant shortage of highly skilled people. The way that it can be done is by investing in cybersecurity education in schools and universities as well as incentives for organisations to encourage employees to obtain new skills," he says.
"Ultimately, Australia should have strong ambitions and a plan of becoming a global centre of excellence for cybersecurity skills and expertise and budget accordingly."
Ashley Diffey, head of APAC and Japan at Ping Identity, applauds the government's investment in supporting the Consumer Data Right in the financial services, utilities and telecommunications markets, which he says should assist organisations in these industries to deploy technologies that balance consumer demands for access to services with protecting those same customer identities and data from harm.
"Indeed, the optimal solutions will see identity and access management playing a key role, allowing customers to prove their authority to access services and protect their privacy while preventing malicious actors from nefarious behaviour," he says.
"At the same time, we strongly encourage the government to continue investing in cybersecurity awareness among both businesses and citizens.
"As the international border is likely closed for many more months yet, the government would be wise within this budget to direct investment at scale towards upskilling cybersecurity skills and encouraging careers in IT security among indigenous communities and among women who are still vastly underrepresented in the industry," Diffey says.
"Finally, in Australia, we take it for granted that children are taught to swim at an early age as the risk of drowning is a real one with such a vast percentage of the population living within easy reach of bodies of water.
"If we consider that all children today are exposed to technology in the same way, teaching younger generations how to work with technology and manage cyber risk is akin to being able to swim.
"We need to do all we can to ensure that Federal Government funding for educating our youth on STEM skills is maximised to the very last dollar so that every child knows how to use technology wisely as soon as possible and that our youth can truly benefit from living in an inclusive, digital, global community."
Mark Lukie, APAC sales engineer manager at Barracuda, welcomes government investments in AI technologies to help protect Australian businesses and government online services.
"With more and more attacks targeting digital assets such as web applications it is imperative businesses can protect themselves against evolving threats," he says.
"We would like to see security being taught at a grass roots level with cybersecurity and awareness training becoming part of curriculums to educate students and prepare them to enter the workforce whilst protecting their online presence.
"Investments in connectivity in regional areas will allow smaller business access to corporate environments in a more resilient and secure way by employing SD-WAN technologies and combining security at the branch."
Glen Maloney, ANZ regional sales manager, ExtraHop, adds, "In the wake of the recent attacks on the healthcare sector as well as the ongoing threat of nation-state attacks, it is promising to see the budget continuing to highlight cybersecurity as a sector for investment.
"However, the federal government needs to accelerate its collaboration with the technology industry to increase cyber awareness, share timely and relevant threat information, and partner with the private sector as well as industry associations to create a strong pipeline of future cyber talent.
"A federal government-funded campaign that focuses on educating Australian business in cyber threats should also be put in place to ensure business leaders and employees are informed of the imminent risks of cyber attacks and the potential impacts to their operations," he says.
"Moreover, as cybersecurity can never take a day off, we must be constantly vigilant to ensure that what our students are taught in higher education is ultimately effective in real-world cyber security. The federal government could take steps to collaborate with the sector and provide additional higher education funding to fill this void through industry placements."