iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Cyber Security Connect had to chance to sit down with Sean Duca, vice-president and regional chief security officer at Palo Alto, for a casual chat during the inaugural Australian Cyber Security Summit in Canberra on 1 June to find out where Australia is at on the cyber security timeline, what might end up changing the landscape, and what really matters when it comes to protecting a company’s data.
Cyber Security Connect: Are there any trends in Australia, and what we’re facing at the moment when it comes to security, that are unique compared to the rest of the world?
Sean Duca: I think Australia is no different than any other part of the world. That’s the first point, I think. We’ve probably seen some of the largest breaches in history take place, with Optus, Medibank, and Latitude, and I think that probably puts us on the scale of where the US probably was seven to 10 years ago.
CSC: Which is kind of fascinating as, for better or worse, we do tend to lag behind America when it comes to a lot of trends, both good and bad. We seem to lag a decade or two behind when it comes to some cultural trends, technology adaptation, and now … getting hacked at scale.
SD: Yeah. So I think what’s going to change, if you think back to what was happening in the US about 10 or so years ago, you had some of the large retail breaches take place, we had some of the larger laws really sort of change — and that’s where we started to get notifiable data breaches.
And so where I fear it may go is that we’re gonna start seeing a lot more activity. The media has cottoned on, and it’s reporting on anything and everything that it can actually see; we’re seeing the discussion take place right now around Australia’s new cyber security strategy, and really try to set the benchmark of what great looks like.
I think what the minister is doing, and really trying to say, is let’s actually be that country.
CSC: Yeah, it’s a pretty bold plan — but do you think that’s achievable?
SD: I think, because I’m always sort of a big fan of having the big, hairy, audacious goals because then that actually drives you to do something. I think it’s time that — and I don’t want to say that Australia has been or whatever — to get off the merry-go-round of mediocrity and actually do something that’s going to be fundamentally different and change the way that we do stuff.
Because cyber security, to a certain extent, has really been about incrementalism, at best. So we’ve got another problem, we apply another tool to try to fix the thing. It’s reactive rather than proactive. And I think that’s what we’ve got to start thinking about — how do we really say, “This is what the problem is … we know what the problem is”. Organisations should even start to think about that and have more of a strategy.
So I think we’re growing up. But with that, we’ll have growing pains as well.
But the short answer to your earlier question: I think we’re just at the very nascent stage of where many other parts of the world are, but we are being thrown through this.
CSC: This is probably a bit of a naive question, but will things get a bit worse before they start to get better? Or can we just expect we now need to leave with a regular yearly cycle of large-scale incidents and data breaches?
SD: I think to a large extent, what we’ve actually probably experienced is that kind of line-in-the-sand moment. We’ve had this happening.
You know, we turn around and say, “Oh, damn, someone’s actually got my email address, and whatever”. I’ve got a business card right here that could easily get compromised. But I started to think about, you know, anytime that I’ve rented a property, how much information do I give the real estate agent? So we were going to naturally see a lot more of these come out.
The fear is we wind up drowning the citizens of Australia with noise, and it’s all fear, right? Yeah. And they’re starting to get to this place of, “Resistance is futile; they got my data, so what’s the point of protecting anything?” Whereas I think we have an opportunity to educate people.
What an organisation needs to understand is: what are the crown jewels, where’s it located, and how is it protected? Who’s got access to it? These are questions that have to be answered. Audit directors should no longer have that notion of, “This is all particularly techno-gobbly-gook” or something like that. They should be asking questions. How do you actually protect this?
Because their job as a board director is all about governance.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
