14 August 2018

Maintaining ongoing cyber security within government organisations


Sometimes, the biggest misconception in cyber security is to equate products and services with an ideal cyber security strategy and to draw a bulletproof level of confidence from them.  However, for most of Australia's ASX 20 organisations, including the top four banking institutes, financial services, capital markets and of course the government sector, this couldn't be further from the truth.

Let’s take a look back over the last couple of years and months: recent hacks have compromised some really sensitive details such as payroll information, user personality tests, medical records, performance reviews, drivers’ licenses, personal addresses etc.  As you can imagine, organisations at this tier spend millions on cyber prevention; however, they still face an incredible amount of cyber security risk and breaches.  Why?

People often talk about ‘people’ being the weakest link in the cyber security chain.  I disagree.  People aren't the weakest link if they are utilised correctly.  "IT" people see users as liabilities; however, "IT" people do very little to empower and educate users, or to create recurring moments where users who see or feel that something wrong is happening challenge the situation.  In most cases attacks happen in less than 2 hours through a targeted attack on an individual: the attacker creates a level of pain, or a level of discomfort, where the user will likely want to know "more information", and gets the user to take a certain action which essentially causes the breach.

Using and complying with ISO standards is a good starting point, but like anything else it needs more attention.

As part of a cyber security strategy, the number one tactic many organisations use is to ensure they are ISO compliant, making sure they are following the "frameworks and industry best practices to prevent attacks"; however, it doesn't seem to do much.  Having policies, documentation, standards and processes doesn't mean anything.  I'm here to give you the understanding that attacks are real and, guess what, organisations are all doing exactly the same thing as each other: they are following one another and are in a state of what I call "mob mentality". Organisations should instead be in their own dedicated cyber security tier and develop specific strategies that align with their core business challenges.

Sometimes the best way to develop a winning cyber security strategy is to have minimal, simple technology and no flashy lights: not wanting to have the latest and greatest, but implementing clear and simple strategies that can take your organisation from a somewhat

I can't wait to share with you some tactics that cost literally $0 to implement and give you a real false positive notification of an actual threat taking place.

Still interested? Come and see my workshop on Maintaining ongoing cyber security within government organisations at the Digital Government WA Summit 2018, Perth from the 4-6 December.


Written by: Andrew Constantine, Founder & Managing Director, CIO Cyber Security 

Andrew Constantine is the founder of Australia's Largest Private Community of technology leaders specialising in preventing cyber security threats with more than 3,000 private members.  His vision is to improve traditional cyber security education by introducing the real world approach.

He is the author of the CIO Solution Book. This was followed by the launch of CIO Cyber Security, a private advisory firm designed to help fellow technology leaders raise more cyber security awareness among executive management by running simulated cyber security attacks and cyber warfare scenarios in a controlled environment.
Andrew is an advocate of giving back to the community and supports Bear Cottage, fundraising for and supporting children with life-limiting conditions.

