Funding needed to uplift Australia’s cyber security posture
If the Australian Government wants to realise the its ambitious vision of being the world’s most cyber secure nation, legislation alone is not enough, and appropriately funded programs and bodies are required to uplift Australia’s cyber security posture, according to Liam Dermody, Director of Security, Darktrace.
Dermody's comments follow this week’s budget announcement from the Australian Government.
“Although most of the cyber programs and initiatives were already announced, the Government has provided funding to areas where they have previously stated no new money would be allocated," he says.
"For example, just last month the Minister for Cyber Security said there would be no new funding for Home Affair’s new office for cyber security; however, in the budget there is $46.5 million allocated to a Coordinator role which is to sit in the new office. This could be due to the realisation that."
$101.2 million to support businesses in integrating quantum and artificial intelligence (AI) technologies into their operations.
Dermody says Australia is typically risk-averse in adopting new technologies when compared to its U.S. and European counterparts.
"That is, Australian enterprises’ approach is often not wanting to be ‘guinea pigs’ for emerging technology and would rather technologies be firmly established before looking at adoption," he says.
"With the rapid global acceptance of both AI and quantum solutions, this is no longer a viable strategy as Australian businesses will quickly find themselves far behind their overseas competitors if their approach is not changed.
"Although the details have yet to emerge, any efforts to ensure Australia is remaining competitive on the world stage, especially during the current economic environment, can only be a good thing.”
$23.4 million for the ‘Cyber Warden’ program which is aimed at training 60,000 small business employees to be in-house Cyber Wardens.
Aimed at building cyber resilience of small businesses, Dermody says the free program will involve online training for non-technical employees on how to identify and manage cyber risk.
"Given all the much-warranted focus on regulation, it is a positive sign that the Government is also looking at creating resources to assist businesses build their cyber security posture," he says.
"In particular, the focus on uplifting cyber resilience of small businesses is key. Small businesses are often subject to the same cyber-attacks as large enterprises, but lack the same funds and personnel to prevent, detect and respond to them.
"Closing this cyber defence skill gap in Australian businesses is a great first step, with Australian businesses of all sizes likely to welcome further Government assistance in enhancing their cyber security posture.”
$46.5 million to establish the Coordinator for Cyber Security within the Department of Home Affairs.
Dermody says this previously announced position is aimed at giving Australian businesses and families confidence, stability and security, in the face of rapidly evolving threats.
Details as to the specific nature of the role are yet to be announced which may be due to the yet to be finalised 2023-2030 Australian Cyber Security Strategy.
"That being said, Australia has desperately needed a centralised coordination point for cyber security – akin to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) – for a number of years," Dermody says.
"Whilst the ACSC has provided some level of coordination, its Government and tactical focuses make it difficult for it to be as wide-ranging as the Cyber Security Coordinating proposes to be. The Coordinator role should focus on cyber security enablement at all levels, building upon cyber uplift programs such as the Cyber Warden program also announced in the budget.”
44.3 million for the Office of the Australian Information Commissioner to assist in enforcing regulations and building up its data analytics capability. It will also help support the previously announced standalone Privacy Commissioner.
“This building up capability at the OAIC should come as no surprise, given this Government’s efforts in firming up legislation on data breaches and digital privacy," says Dermody.
"The much-needed focus on bringing Australian digital and privacy legislation in line with international standards is only effective if the relevant agency has the resources to enforce regulation and investigate non-compliance.
"Hopefully, this signals to businesses in Australia to take the upcoming digital privacy reforms seriously.”