iscover
ReporterShare this article on:
Powered by
MOMENTUM
MEDIA
As part of a national approach to combating rising threats online, Telstra boss Andy Penn has called for cyber security skills to be included in Australia’s curriculum and taught in schools across the country.
In his final address as head of the national telco, Andy Penn noted that there had been "insufficient progress" in areas of the former government's cyber security strategy and urged that the work must be "accelerated".
In a speech at the National Press Club, Penn, who is chair of the Cyber Industry Advisory Committee and outgoing CEO of Telstra, said "combatting cyber security, improving the security of increasingly digital government service delivery" are key.
"A lot of the work under the strategy to date has been focused on what business needs to do to improve its cyber defences, particularly critical infrastructure operators.
"At the same time, it is important government makes progress to harden its own systems and cyber defences.
"In asking Australians and Australian businesses to support the strategy, government needs to be a role model in its own operations," Penn said.
With the perpetually increasing risk of attack on the "cyber sphere", Penn explained the focus needs to be broadened to focus on the grassroots level.
"We are going to need to do this right the way across the spectrum from deep cyber expertise to basic cyber hygiene practices, through our schools and universities, governments and industry, and we are going to need to do it fast," Penn said.
Commenting on Penn's National Press Club cyber security address, Ajay Unni, cyber security expert and CEO of StickmanCyber, noted that while we need to reflect on past incidents, he found it "concerning that Penn referenced a cyber attack that happened back in 2020 (Toll) when more recently there have been numerous ransomware attacks targeting universities, healthcare and other sectors in 2021-22".
"It is not surprising that social engineering emails have resulted in a $80 million loss across Australia businesses in the 2021 financial year.
"Humans are always the weakest link when it comes to cyber security and business leaders are still not doing enough to prioritise training and awareness to ensure their employees know how to identify and report social engineering threats to prevent them from turning into a full-blown cyber attack."
With over 30 years of IT industry experience, and 15 years as a cyber security specialist, Unni founded StickmanCyber. In 2020, he was selected for the NSW government's Cyber Security Task Force and also contributed to the 2021 NSW government cyber security Strategy.
Businesses need to recognise the importance of threat intelligence and threat hunting, Unni continued, to enable "new and growing cyber threats are identified and dealt with", as cyber threats continue to evolve.
"Remote working has severely impacted the information security of organisations, creating numerous vulnerabilities that can be exploited by cyber criminals.
"Mobile malware is a growing threat because many employees now access corporate networks via their personal devices due to a shift to remote working."
Unni also highlighted that Penn had noted that "about 80 per cent of Australian businesses experienced a ransomware attack in 2021". However, Unni explained the statistic comes from the Sophos State of Ransomware 2022 report, in which Sophos surveyed only 250 Australian businesses, with 80 per cent of respondents answering "yes" to experiencing a ransomware attack in 2021.
"These kinds of statistics, when misrepresented, can be extremely deceiving.
"If 80 per cent of all Australian businesses suffered a ransomware attack in 2021, we would be struggling to function as a country.
"It is important to have accurate data and statistics to back up claims when referencing ransomware and cyber attacks to ensure the public and business community is not misled."
[Related: Motorola awarded $60m to bolster NSW state emergency cyber security network]
Be the first to hear the latest developments in the cyber industry.
