Working alongside the Prime Minister's special adviser for all things cyber gives Jacob Boyle a unique perspective on the Australian government's role in securing the country - not just with all the services offered by government but also in working with businesses and the security industry.
During the Emerging Cyber Threats Summit held in Sydney during June 2017, Boyle discussed where the country is at in protecting itself from emerging threats and how work on implementing the fully-costed cybersecurity strategy is progressing.
The strategy, costed at over $200 million consists of 33 initiatives. Boyle said a recent review found that work on six of the initiatives has been completed with "pretty good progress" made against a further 11.
"Each of these initiatives will help to foster and enhance security culture across Australia as well as foster digital investment to harness the economic and social innovation that this space will bring," added Boyle.
By working with industry, businesses and vendors across the entire information security gamut, Boyle says the team he is in looks at what is working, what isn't working and puts their effort where it is needed. For example, as part of the assessment of the national cybersecurity strategy it was recognised that more needs to be done to get small to medium businesses engaged - a theme that was reiterated several times during the summit.
Other areas Boyle said required further attention were understanding the vulnerabilities within our critical infrastructure and communicating who does what in government when it comes to implementing the strategy.
One of the big trends Boyle identified was the increasing use of mobile data by individuals and businesses. Data he presented showed that we used over seven exabytes of data last year - if every word ever spoken by humans was stored it would only take up five exabytes.
And while this highlights our increasing use of data, it also represents a growing threat surface that can be exploited. For businesses, it represents both an opportunity and a risk. And as well as being a board issue in business, it is also on the Prime Minister's agenda with several senior bureaucratic appointments and the establishment of the ACSC.
Although the review of the cyber security policy found SMBs aren't yet getting the message, an audit of the hundred largest businesses on the ASX has been completed to establish a benchmark for cybersecurity preparedness.
The review of the strategy has identified changes in nature of the threats facing Australian businesses. Ransomware, credential harvesting, spear-phishing, attacks on managed service providers and interference in political processes have all emerged as rising threats. DDoS attacks using IoT devices was also noted.
Sign up for Computerworld eNewsletters.