Australia’s cybersecurity, government, and critical infrastructure communities are joining forces in a collaborative effort to uplift the nation’s human-cyber resilience.
Last week DTEX Systems joined the Australian Cyber Collaboration Centre, MITRE Corporation, Providence Consulting Group, Commonwealth Bank of Australia, and other industry and government delegates in Melbourne for a discussion on Australia’s Security of Critical Infrastructure (SOCI) Act reforms.
The event attracted about 200 representatives in critical industry seeking practical advice on how to kick-start their Trusted Insider (Insider Risk) programs and elevate their personnel security—two requirements of the draft Risk Management Program under the SOCI Act.
DTEX Systems Co-founder and CTO Mohan Koo moderated the panel. He said the event was well received and comes at a time when security professionals are crying out for more collaboration to uplift and accelerate cyber resilience.
“A number of folks have said that the content was exactly what was needed for them to kick-start their program with a level of confidence that they’ll be heading in the right direction,” Mr. Koo said. “The biggest takeaway for me is that we’ve finally tipped the scales on collaboration—the whole ecosystem is leaning in now and we’ve set a clear benchmark for what good looks like.”
Never before has cybersecurity been such a hot topic. Recent high-profile breaches across critical industries have proven two important lessons: it’s better to be proactive than reactive, and people are the most important element in securing critical infrastructure.
Indeed, protective security of critical infrastructure is a challenge worldwide. Australia is already ahead of the game when it comes to legislation; the SOCI Act is the perfect example of that. There’s a strong chance other countries will follow suit, as the complexity and frequency of cybercrime escalate.
Collaboration between government, industry and academia offers an opportunity to finally get ahead of cybercriminals to advance global security and resiliency. We hope this event serves as inspiration for more community building and opportunities for knowledge transfer to come.
Key takeaways from the panel:
- For security to work, it needs to be championed from the top down. Culture is everything when it comes to security—intrusive surveillance and dry, ad-hoc style training won’t cut it. In-your-face popups only serve to annoy employees and do little to provide meaningful engagement to mitigate risk. CEOs and board members need to understand the security risk—not just from a technology or budgetary perspective, but from a people perspective. They need to understand and humanise security, and to champion it from the top in a way that is personable and wins the hearts and minds of their employees. This demands strong leadership from executive stakeholders and governance.
- In keeping with the first takeaway, ‘keep it simple stupid’ might be the smartest advice for getting buy-in when it comes to security. By simplifying and humanising the language around insider risk, all parts of the business have a higher chance of buying into the need for security and the willingness to follow policy.
- ‘Teachable moments’ could be the biggest thing in insider threat prevention. As many as 56% of insider threat incidents are a result of plain negligence. In other words, most inside breaches are not nefarious in nature but are happening by accident. Using telemetry that focuses on the interaction between employees and technology, security teams can identify future risk based on intent and take advantage of ‘teachable moments’ as they occur. This means giving an individual a timely explanation of how their actions could pose a risk—without imparting blame or breaching privacy.
- Collaboration is a must going forward. There is a clear shortage of security workers, particularly insider threat specialists. Collaborating across industry, government and security as well as academia can provide organisations with a competitive edge through practical insights that advance our personnel security. DTEX Systems will be working closely with our allies in 2023 and beyond towards this very cause, with a specific focus on building and cultivating a community of insider risk practitioners. If you’d like to get involved, please contact us to register your interest.
DTEX Systems will be supporting and contributing to a subsequent panel in March 2023 to review progress and provide an ongoing forum for sharing insights in the spirit of driving a more secure nation.
Contact us to learn how DTEX Systems protects critical industries against insider risk.