Cyber Security
CYBER SECURITY IN 2017
By Ricki Burke

2016 was an interesting year in Information Security. I feel like it was the year being hacked became normal. We saw a variety of attacks targeting a variety of victims, ranging from a single person hit with ransomware, to the unprecedented DDoS attacks that took down a massive chunk of the Internet on the U.S. Eastern Seaboard. We also saw the U.S. election process’s integrity called into question, where the Senate Republican leader is now backing an investigation into whether Russian hackers influenced Trump’s victory.

So, what will 2017 bring? More of the same? We’ll certainly see more data breaches, more hacks, new threats and vulnerabilities to old and new technologies, all of which need. What looks exciting is the further development of technology, such as IoT drones, AI and Blockchain. This year I think that organisations will become better prepared, especially as they start working with security as opposed to against it – this is because communication lines will be opened up as the business gains a level of awareness about cyber threats. Mario Bekes, Managing Director of Insight Intelligence, told Insurance Business, “We have seen a growing awareness from firms of the need to look at their cyber security from a people perspective and not just an IT perspective”.
42 | Australian Cyber Security Magazine

What’s Changing?
We hear about the skills shortages in cybersecurity, but what does it mean? Is it just a lack of people or does it
go deeper than that? It’s been explained to me many times, “That it’s not the lack of people, it’s the lack of good people”. I think there is a shortage of people, but we must look deeper at the type of roles and people required.

What has become apparent is the lack of Security awareness within organizations. Some organizations are now starting to do something about this. For example, a company called Enex Carbon, based in Melbourne, is focusing on the human element of Information Security, not just technology, and offers security culture and awareness as a service. In 2017, we’ll see more of a shift from technology to looking at people. People are the biggest weakness but could be the biggest strength in this industry.

Historically, Security has been the department that says "No", and that may be due to how agendas/reasons/initiatives sometimes haven’t been explained to the Board in a way that they care about and in their language. For the industry to succeed and be the enabler it can be, it needs a variety of people and skill sets. There is a big push for more females in the industry, and rightly so: as per an article from Booz Allen Hamilton, Information Security is made up of only 10% female.

What is required is the ability to bridge the gap between understanding what Security wants to achieve, explaining what is going wrong or what could go wrong, and understanding what is critical to the Board. Telling a Board you want to spend $x on a product because it’s a malware detection tool to identify malware endpoints isn’t going to fly (I know the conversations would be deeper than that, at least I hope). If you want to get sign off, you’ll