- BRW Lists
Published 24 January 2013 12:22, Updated 30 January 2013 22:01
Australian entrepreneurs should be able to cash in on moves by government and corporates to better protect their vital technology assets. Photo: IBM
Most businesses have underestimated the cost of protection from cyber attack, so there will be opportunities for entrepreneurs, thanks to government measures to bolster the monitoring and investigation of cyber threats, and to enforce reporting by companies of significant losses of data.
The national security strategy unveiled by Prime Minister Julia Gillard on Wednesday will move Australia from being a “light touch” on cyber security to a leader on par with the United States and Britain, the national leader of technology risk at Deloitte, Dean Kingsley says.
The strategy will merge five government departments dealing in cyber security and espionage into one Australian Cyber Security Centre. The costs of that integration will absorb some of the $1.46 billion budgeted for the strategy over the next decade.
However, Kingsley expects a good deal to be spent on improved detection and investigation systems, with Australian tech companies in the box seat for lucrative contracts.
“We’ve reached a tipping point to which government has to respond,” he says. “The level of network connectivity between our transport systems, our key utilities and telcos, is now high enough that an enemy of Australia can attack us more easily by taking advantage of weaknesses in our technology infrastructure than they can by physical invasion.”
Kinglsey welcomes moves towards mandatory reporting of significant data losses, which the government is expected to legislate this year, following a discussion paper issued by Attorney-General Nicola Roxon late last year.
“Companies that suffer a significant loss in the US or UK must report it, which removes the ability for criminals to threaten to make the breach public,” Kingsley says.
Mandatory reporting would highlight and prompt action against the cyber crime threat which businesses, and until recently the government, have tended to downplay, he says.
“It’s vital that businesses ‘harden’ their systems – which simply means applying all of the upgrades that a vendor will supply you to deal with threats as they become aware of them,” Kingsley says.
“The vast majority of organisations never apply those patches, they shortcut on the cost. Or if they do spend the money, they don’t have the right processes to ensure the updates are applied. It’s very easy for hackers to discover that you’re running an old version of a system.
“It’s like keeping your doors and windows open for a burglar.”
The secret to a successful data security strategy is to know exactly what information you are protecting, Kinglsey says, and to realise that threats to it can come from both outside and inside the business.
The threats also require constant vigilance.
“Systems change every day which means potential new security holes open up every day,” Kingsley says.