Cyber resilience- A growing recognition

There is increasing activity at Government and policy levels concerning Australia’s future resilience to Cyber threats. However, the threats are already out there and even recently a major ransomware attack was received by many businesses and individuals alike. Ransomware effectively makes your computer and connected systems unusable and demands money to make them available once more.

Firstly, NEVER pay these criminal sydicates money! The can neither be trusted with your credit card details or even to just do as they claim, to release your computer for further use.

Everybody have valuable data and should be protected by regular backups, appropriate Anti-Virus software suites, vigilance on the user’s behalf and good corporate policies.

At the national level

There has recently been several key developments in the Cyber Security space which may start to impact various organisation’s compliance and legal requirements.

In the Australian context, our current cyber resilience strategies consist of a patchwork of regulations. They apply to different entity structures and mainly consist of general obligations to manage risk and act with reasonable care.

Whilst the Australian government has yet to enact any Cyber Resilience legislation, various regulators have increased their vigilance in these areas. This is evidenced by the release of several key reports including the following:

• Release of Australia’s Cyber Security Strategy (CS Strategy)
• ASIC’s second white paper on Cyber Resilience – Report 486
• Australia’s 2016 Defence White Paper with a focus on increasing Australia’s cyber capabilities.

In particular, the release of Australia’s CS Strategy on 21 April 2016 has further established the government’s immediate concern in tackling threats to Australia’s critical infrastructure. This strategy centres around the following five themes of action, delivered through thirty-three action plans.

A national Cyber Partnership – Governments, businesses and the research community together advance Australia’s Cyber Security.
Strong Cyber Defences – Australia’s networks and systems are hard to compromise and resilient to cyber attacks
Global responsibility and influence – Australia actively promotes an open, free and secure cyberspace
Growth and innovation – Australian businesses grow and prosper through cyber security innovation
A Cyber Smart nation – Australians have the cyber security skills and knowledge to thrive in the digital age.

At the organisational level

Cyber Security is not just an IT risk; “something that the IT people have to look after.” It is an enterprise-wide risk and it impacts both small and larger organisations. It encompasses:

• People and culture
• Information management
• Systems controls and
• Operations and service deliveries

CS health check

At the organisational level, some key questions need to be asked by senior management and governing bodies:

1. What are our legal or compliance obligations under the present structure?
2.   Are cyber risks an integral part of the organisation’s risk management framework?
3.   How often is the cyber resilience program reviewed at the board level?
4.  What is the level of awareness of our people?
5.   How adequate are our human capabilities (both at governance and operational levels)?
6.   How adequate is our IT personnel/ outsourced IT provider’s capabilities with regards to cyber threats mitigation strategies?
7.   Are outsourced IT providers adequately accredited? (The government encourages entities to get their IT systems tested by CREST)
8.   Has our organisation performed an IT security health check through an accredited entity? (The Government has stated it will support small businesses to have their cyber security tested.)

We would be pleased to start a CS discussion with your organisation about the Cyber Threats and IT risks you should be managing. We can help to map out a cyber resilience plan. Please feel free to contact your Saward Dawson manager who can then put you in touch with our CS people.