Did you miss the 2011 International Cyber Resilience Conference held in Perth, 1 – 2 August? Hosted by the Secau – Security Research Centre at Edith Cowan University (ECU), the conference brought practitioners, academics, and Government agencies from across Australasia to The Duxton Hotel, Perth, to discuss and explore issues relating to the cyber resilience of information systems and critical infrastructures. Yet underlying critical issues like cyber security, risk management, and incident and response recovery was the human factor: us. “Are we now the weakest link when it comes to cyber resilience?”
Fortunately, for those of you who couldn’t attend the conference, Chris Cubbage and the MySecurity Media team were on hand to capture interviews with keynote speakers like Tim Scully, Chief Executive Officer of stratsec, and Head of the BAE Systems Australia Cyber Support Unit. Tim Scully suggests four mind-sets exist amongst employees accountable for securing an organisation’s data. The ‘compliance’ mind-set, for instance, rests easy when all the compliance boxes have been ticked with respect to the installation of antivirus, firewall, and intrusion detection prevention software.
“People believe antivirus software is the be all and end all,” Scully said. “But we know boundary measures that apply to compliance measures can be breached.”
Graham Ingram, Managing Director of AusCert (Computer Emergency Response Team) at The University of Queensland said, “A lot of enterprises need to understand criminals are not only attacking file and web servers. They’re also attacking networked machines.”
“Protect the data first,” Ingram said. “That means presuming the network is already compromised and working out what to do about it.”
One of the solutions offered was to introduce role-based security, meaning information is classified on a need-to-know basis. The rationale is that cyber security issues are no longer coming solely from malicious criminals accessing networked machines.
According to Lee Ward, Vice President and General Manager, IT outsourcing, Unisys Asia Pacific, “Seventy-four percent of employers now perceive the use of personally owned mobile devices as a significant threat to the organisation’s infrastructure and intellectual property.”
One study that focused on organisations with over 1,000 employees revealed that 64 percent of employers were reluctant to introduce a BYOT (bring your own technology) scheme. They believed their data assets could become vulnerable to viruses from social networks.
Craig Valli, Head of School and a Professor (Digital Forensics) within the School of Computer and Security Science and Director of the Secau – Security Research Centre, Edith Cowan University, Perth, said, “Most cyber systems these days will come under attack at some stage.”
Yet Professor Valli believes it is how an organisation responds to cyber threats and how the system actually survives during an attack that gives it its measure of “cyber resilience”.
Ultimately, as private users, employees, managers, directors, and executives who log on, email, Tweet, or use any form of social networking media, we need to realise we are the human factor, the weakest link. While that makes us vulnerable, it also makes us equally responsible for cyber security every time we use a computer, laptop, phone, iPad, or any other networked or portable data storage device.
To view these stories in full, the MySecurity Media team invites you to visit the MySecurity.com.au 2011 International Cyber Resilience Conference interviews online. Most interviews run no more than five minutes each:
• Tim Scully discusses the four mind-sets that exist amongst employees accountable for securing an organisation’s data and how they impact on cyber security. http://www.youtube.com/user/MySecurityAustralia#p/u/17/XMUp0H-DK1Q
• Graham Ingram outlines why protecting “the enterprise” is paramount and how criminals, who once targeted home machines, are now changing their trends. http://www.youtube.com/user/MySecurityAustralia#p/u/10/qbonpwNqJ9U
• Professor Craig Valli defines cyber resilience in the face of the human factor and the kinetic effect. http://www.youtube.com/user/MySecurityAustralia#p/u/5/rICR5b8pY1I
In the space of minutes you’ll discover what has taken these distinguished speakers years of experience to learn. And in the face of today’s digital world, never has it been more important to grasp the key concepts concerning cyber resilience for your organisation.