Unlike what the sitcom Parks and Recreation‘s actors sing in its last season—”don’t be suspicious” (the song that went viral on social media), we’d say be suspicious when it comes down to cybersecurity. Cyberattacks are becoming more ingenious, and being aware of these threats can make a huge difference in security.
On Tuesday (29 March), the Australian Government announced a $9 billion cybersecurity and intelligence package in the 2022-23 Federal Budget as concerns grow over global threats. The Australian Security Intelligence Organisation (ASIO) recently shared a post about foreign spies targeting Australia’s defence industry online and in person. It’s common to assume that this threat exists only when an external organisation targets your network—but that’s not necessarily the case.
The latest report from the Office of the Australian Information Commissioner (OAIC) stated that 41% of all cyberattacks in 2021 resulted from unauthorised user actions. This means the threat does not reach us from foreign shores only—it originates within our workplaces, often without intent. This looks like:
- Clicking email links to access elevated privileges
- Sensitive information emailed to the wrong recipient
- Unintended release or publication
To deny, deceive and degrade this threat, cyber risk must scaffold business processes—providing a foundation as critical to the success and resilience of an organisation as Work Health and Safety (WHS) or physical security. At PAC, this means:
- Cybersecurity risk is owned and treated at all levels of the organisation
- The Executive Leadership Team defines the approach to cybersecurity and develops Key Performance Indicators to ensure business continuity
- IT no longer has its traditional insular culture; instead of working collaboratively to translate complex cyber risks and enable a learning and adaptable culture of security
- Daily processes promote a culture of security for ourselves and our customers
Recent history demonstrates that the cost of remediation once breached far outweighs the cost of prevention in tangible (time, revenue, profit) and non-tangible (reputation, future sales) areas. As technology improves, so do the tools available to cybercriminals. Thankfully, the accessibility of defensive and preventative cyber measures is also enhanced, and the cost of implementing these measures decreases continually. There’s no defensible argument for the lack of mitigation strategies with that in mind. We don’t leave our office doors unlocked at night, so we can’t leave our digital infrastructure unprotected.
Under our Mission Enabling Services (MES) capability, we’re proud to be recognised by the Information Communication Technology Security Board (ICTSB) as an operational cybersecurity leader in the Defence industry. We’re passionate about cybersecurity and always seeking like-minded professionals to join our team. If you’re interested in working where a security culture exists and thrives at all organisational levels, visit our Careers page, and submit an EOI.