Development of a National Cyber Security Strategy

Yesterday the Honourable Clair O’Neil, the Minister for Home Affairs, delivered the keynote speech to the annual Australian Financial Review Cyber Summit.  Her speech reflected on the last 12 months as a year of awakening for Australians, and Minister O’Neil also spoke of the need for a new National Cyber Security Strategy to protect Australians.  She said “We know we cannot stop these cyber attacks; what we can do is prepare for them so that when they occur we can bounce back better.”

Being prepared for a cyber attack isn’t something that comes naturally to most of us.  If we’ve never taken the time out of our busy lives to understand what data and systems we need most urgently, or which are the most valuable to us, if our businesses are attacked then we are starting behind the 8-ball when the attack does come. 

Minister O’Neil focused on the need to create “Cyber Shields” to protect Australians, and presently these are envisioned to be:

1.       Cyber Awareness,

2.       Minimum Cyber Security Standards,

3.       World Class Collaboration with Partners,

4.       Protecting Critical Infrastructure,

5.       Building an Australian Cyber Skills Pipeline, and

6.       Coordinating Action with Allies.

Detail on these “shields” will be released later this year when the full Cyber Security Strategy is released, however we don’t need to wait before we can begin taking action to improve our own cyber security posture.

Perhaps the single largest improvement we can make quickly, and in a cost-effective manner, is to improve our Cyber Awareness.  Take the time to understand which risks you are exposed to, and educate yourselves, your staff, and your families of how each person can protect themself. 

There isn’t any one size fits all solution here, as each person, business, and industry has different priorities, equipment, and information.  However, here is some very basic items you should consider:

1.       Email: Consider where an email has come from before you open the attachment.  Were you expecting it?  Is the sender familiar?  If in doubt, pick up the phone and call them to confirm that it’s legitimate, but DO NOT use the phone number that’s on the email itself, find one from your other records or from a Google search.

2.       Computer Access:  Who has access to your computers?  Where are they located?  Are they always turned on?  A computer that can’t be accessed also can’t be interfered with, however we need to find a balance between usability and security which is suitable for our needs.

3.       Backups:  Do you have a complete copy of your data at another location?  Is this storage online, or offline?  When did you last test these backups to be sure that they work?

4.       Impacts on Others:  If your business were compromised, what effects would this have on your customers, other businesses, and your staff?  What could an attacker do with access to your systems this way?

If you want to read Minister O’Neil’s full speech, it is on the Department of Home Affairs website at https://minister.homeaffairs.gov.au/ClareONeil/Pages/afr-cyber-summit-18092023.aspx.

If you would like to discuss how CQ Cyber can assist you to prepare for a cyber-incident, please contact us via our website, email, or telephone.