Three keys to securing our cybersecurity future

Now that the election is over, it’s time to get back to business and implement the Cybersecurity Strategy.

Malcolm Turnbull has vowed to make Australia a world leader within the world of cybersecurity. In order to achieve this, the government has implemented a Cybersecurity Strategy that identifies five pillars for action over the next four years — a national cyber partnership, strong cyber defences, global responsibility and influence, growth and innovation, and a cyber smart nation.

Having been actively involved in the ISACA submission to government, I believe there are three critical components to ensuring the strategy is implemented effectively and efficiently — public-private partnerships, addressing the skills gap and adequate funding.

The government will need to ensure public-private partnerships are formed. That said, ISACA’s 2016 Cybersecurity Snapshot revealed that 73% of ANZ businesses oppose giving governments backdoor access to encrypted information systems and 60% feel privacy is being compromised in an effort to implement stronger cybersecurity laws.

A good example of this is how businesses responded to the draft Bill on reporting data breaches, outlined by the Office of the Australian Information Commissioner earlier this year. Large corporates were adamant that it needs to clearly define the parameters for notification, which currently are too subjective and open to interpretation.

Pleasingly, the strategy states that the “private sector will also be asked to help design voluntary cybersecurity guidelines that outline good practice”. While ISACA has a significant knowledge base to inform the development of these guidelines, one can only hope the call for cybersecurity guidelines will also engender a desire to upskill cybersecurity employees. I say this because ISACA continues to note that the cybersecurity skills gap is getting worse.

Across the globe, one in four security professionals have indicated that it takes six months to fill a cybersecurity role. Locally, 47% of ANZ businesses surveyed report they are hiring more cybersecurity professionals in 2016, yet 94% say it will be difficult to find skilled candidates.

The most effective way we can narrow this gap is to focus on one primary course of action — skills-based training. Job candidates seem to lack the technical skills they need for the reality of cybersecurity. I applaud the government’s pledge to establish ‘academic centres of excellence’ in universities and its plans to partner with the private sector and state governments to create cybersecurity apprenticeships in TAFEs. ISACA, too, is assisting in closing the skills gap by providing complimentary global access to its Cybersecurity Study Guide, which enables students and instructors to develop a comprehensive understanding of the principles that frame and define cybersecurity.

Further to this, upskilling those already employed can reduce time trying to find staff in a shallow pool of applicants, where determining skill level can often be challenging. ISACA developed Cybersecurity Nexus (CSX) as a one-stop, vendor-agnostic resource for cybersecurity leaders who want to develop their teams and individuals who want to advance their careers. By investing in skills-based training for cyber professionals, organisations are helping to create a robust workforce whose skills we can trust.

Last, I urge the government to put adequate funding behind the initiative. The IT community’s main criticism of the strategy is that the funding will not be enough to implement the key initiatives, which risks Australia being left behind the rest of the world in innovation and growth while cyberthreats continue to cost businesses and consumers billions of dollars.