A Call to Action for Cyber Resilience

In today's fast-evolving landscape, technology has become an inseparable part of Australian life. It weaves a digital thread that connects our cities, workplaces, schools, and homes. The mobile devices we carry in our pockets are no less than supercomputers. Technological progress has transformed tasks that once took hours into instant operations accessible through a web browser. From checking on our pets at home to shopping around the clock from the comfort of our living rooms, even remotely screening visitors at our front doors, the possibilities are endless.

As we delve into the discussion paper for the 2023-2030 Australian Cyber Security Strategy (the 'Strategy'), we focus on the realm of 'cyber.' This encompasses the digital conduit through which Australians engage in a wide array of activities, including shopping, banking, working, education, and healthcare. However, 'cyber' also serves as a channel for crime, foreign interference, espionage, disinformation, and misinformation. Cybersecurity emerges as the safeguard that fortifies the digital foundations of our world. We seek your valuable insights to guide recommendations for the government in shaping robust cyber security measures. These measures aim to bolster and fortify our collective cyber resilience, both within Australia and across the region.

Our national resilience, economic prosperity, and security hinge on our ability to establish the right cyber settings. An impressive 99% of Australians now have internet access, and the onset of the COVID-19 pandemic accelerated our shift to a digitally connected world. The adoption of digital technologies by various organizations leaped ahead by three to seven years in a matter of months. This acceleration not only benefits our collective resilience but also provides a substantial boost to the domestic digital economy. In 2022, the Australian cyber market contributed approximately $2.4 billion in Gross Value Added (GVA), with the sector's GVA increasing by 11% from 2020 to 2022. Projections from CSIRO suggest that Australia's cyber security revenue could reach $6 billion per year by 2026.

The surge in cyber security revenues and employment has far-reaching benefits for various domestic sectors and sovereign capabilities. Cyber security professionals play a pivotal role in securing technologies, protecting valuable intellectual property, and instilling trust in Australian technical products and services. Their significance extends to emerging fields like quantum technologies, artificial intelligence, biotechnologies, and robotics, where they enable the development of secure sovereign capabilities for Australia and international supply chains.

While the digital world offers boundless opportunities, it has a darker side. Just as Australians rapidly embraced digital goods and services, cybercriminals and nation-states have capitalized on the vulnerabilities of this connected world. They are agile, skillful, and adept at exploiting weaknesses, both in software and human behavior. According to the Australian Cyber Security Centre's (ACSC) 2021-22 Threat Report, an incident was reported on average every 7 minutes, with over 76,000 cybercrime reports in 2021-22. Cyber-enabled crimes such as romance scams, business email compromise, ransomware, and phishing emails have successfully targeted organizations and hard-working individuals, resulting in identity and financial theft.

Ransomware, extortion threats, espionage, and fraud now pose significant risks to Australian organizations, regardless of their size. A stark example of this occurred in September and October 2022 when cybercriminals breached the personal data of over 9.8 million Optus customers and 9.7 million Medibank customers. The magnitude and gravity of these breaches catapulted cyber security into the spotlight, both in boardrooms and living rooms. These incidents underscored the government's need to enhance its response capabilities and establish effective frameworks, given the widespread compromise of personal information, including identity data, affecting countless Australians. Although the companies suffered the immediate impact, it is their customers who bear the brunt of these insidious crimes.

These breaches emphasize the urgency of strengthening our laws to recognize the pervasive data collection and the shared responsibility of government and industry in fortifying networks and protecting our economy. The Strategy must prioritize the protection of customer data and ensure that all organizations implement the necessary cyber security measures, making Australia the most cyber-secure nation globally by 2030. Moreover, we must address the legal and policy aspects that disrupt the ransomware food chain and related demands from cybercriminals.

The protection of critical data, systems, and infrastructure is a collective responsibility. It involves governments, large organizations, small to medium businesses, academia, and society as a whole. This means not only adhering to best practice operational standards, raising awareness about online scams, and ensuring the security of connected devices from the design stage but also addressing current and future cyber security threats collaboratively.

To elevate and sustain cyber resilience and security, we must engage in a comprehensive national effort. Governments, individuals, and businesses of all sizes must unite and coordinate their actions. Our shared objective is to create a digitally secure Australia and extend that security to our regional partners.

#business?#share?#cybersecurity?#cyber?#cybersecurityexperts?#cyberdefence?#cybernews?#cybersecurity??#blackhawkalert?#cybercrime?#essentialeight?#compliance?#compliancemanagement?#riskmanagement?#cyberriskmanagement?#acsc?#cyberrisk?#australiansmallbusiness?#financialservices?#cyberattack?#malware?#malwareprotection?#insurance?#businessowners?#technology?#informationtechnology?#transformation?#security?#business?#education?#data?#consulting?#webinar?#smallbusiness?#leaders?#australia?#identitytheft?#datasecurity?#growth?#team?#events?#penetrationtesting?#securityprofessionals?#engineering?#infrastructure?#testing?#informationsecurity?#cloudsecurity?#management?