A new mindset for cyber security

Michelle Price, CEO of AustCyber believes that the conversation around cyber security shouldn’t be about fear and anxiety, but should be about opportunity and economic growth. Logistics & Materials Handling finds out more.

Former FBI Director Robert Mueller famously said that he was convinced that there are only two types of companies: those that have been hacked and those that will be.

Cyber security has never been more important and news of organisations falling victim to some kind of data breach or compromise is in the media almost daily.

Attacks such as the NotPetya Ransomware Attack in 2017, which significantly damaged global shipping giant Maersk, demonstrate the ramifications of not taking cyber security seriously are.

According to a statement released by Maersk the total cost for dealing with the attack was almost $400 million and operations were impacted in four different countries with operational issues lasting a number of weeks.

Similarly, the WannaCry attack in May 2017 cost the NHS in Britain almost $200 million with 19,000 appointments lost.

For Michelle Price, CEO at AustCyber, cyber security presents Australia with an opportunity to flourish in an ever increasingly digital world.

The Australian Cyber Security Growth Network (AustCyber) is the industry-led Cyber Security Growth Centre, one of the centres under the Australian Government’s Industry Growth Centres Initiative.

AustCyber works with organisations across the economy to ensure that Australia is a global industry leader. “Our mission is to grow Australia’s cyber security sector, we want to help Australian businesses to help them grow their business but also to make sure that they are best-placed to make Australia a chosen place for global organisations to do business,” Michelle says.

For Michelle, it’s as much about growing jobs and the local economy as it is about resilience. “Our work is often around spreading awareness among businesses about why cyber security is important from an economic development point of view,” she says.

Resilience and logistics

Michelle believes that some of the best examples of organisations grasping cyber security and its importance can be found in the logistics sector. “There are some great examples in the logistics and materials handling sector but also for those companies who are yet to implement cyber security, they are very well placed in this sector to do so,” she says.

No sector understands the depth and breadth of global supply chains as well as logistics, Michelle says. “They can understand it a lot quicker than many organisations as it’s usually already at the centre of their infrastructure. Resilience is key to any successful logistics organisation so logistics organisations usually just get it from the get-go.”

Logistics organisations have been forced to stay ahead of the curve with regard to digital transformation. “The likes of Toll, AusPost and Linfox have all had to engage with data and use it as a point of difference in their offering, in many ways this industry is more advanced than others in its understanding and ability to leverage the benefits of cyber security,” Michelle says.

Breach or compromise?

While there is a lot of fear and anxiety around cyber-attacks Michelle believes it is important to distinguish between a data breach and a data compromise.

“A breach is when someone has access to data but has not taken or changed anything. A compromise is when something has been taken or has changed,” Michelle explains.

A breach can happen in many different ways, but according to Michelle it is often not the organisation that realises there has been a breach. “Usually it’s a customer or supplier, or in some cases the government, that informs an organisation that there has been a breach of data. In fact, the average time from when a breach happens to when it is discovered is 208 days.”

There are serious ramifications for organisations that do not build resilience around cyber security.  “If you take the example of Maersk and the losses they experienced after the attack. If that was an Australian organisation they would be done. There’s the reputational damage, not just to consumers but also to suppliers, the hit to the share price, the list goes on,” she says.

However, according to Michelle it’s not just financial risk. As organisations move more towards automation there could also be human lives at risk. “There can be many unintended consequences if a hacker compromises data or changes something and people do not know. Trains derailing, trucks driving into trees, these are real risks,” she says.

Cyber security as an opportunity

For Michelle, if organisations don’t engage soon then they will miss out. “This is about every organisation, every entity. If you pay bills online, or if you manage a huge global supply chain you are still at risk,” she explains.

It’s not just about IT professionals, but everyone plays a role. AustCyber is working the VET sector to ensure that every trade job in the country has an understanding of what cyber security is and what their role and responsibility is in making Australia resilient.

It’s also about upskilling the current workforce, and Michelle and her team at AustCyber are working hard to get the message out that cyber security is meaningful and an opportunity.

For Michelle, Australia is very well-placed to grasp the opportunities presented to engage global business and although Australia is a very trusted and trusting country. However, when it comes to cyber security this does present some issues.

“In a social context, Australia is very trusting. In romance and fraud scams Australia is among the top ten nations in the world that are affected. In some ways, we can be naïve in social contexts, which gives malicious attackers an opportunity to get access into organisations in straightforward, low cost ways – that is, we often make it too easy for attackers to get in,” Michelle says.

There is also a sense that as Australia is so far away from the rest of the world, it’s not something that is happening here, but according to Michelle this is not the case.

Another important factor for local organisations selecting a cyber security provider is that they look to engage an Australian-based organisation. “If organisations look overseas for a cyber security they don’t always understand the nuances of our culture and also the complexity of our geography,” Michelle says.

For Michelle, the greatest successes in cyber security implementation is when an organisation engages a local provider. For her picking up a solution from elsewhere and trying to implement it here in Australia often leads in complications and issues that could otherwise have been avoided with a provider who understands local contexts and issues plus they are in our own time zone when something goes wrong.

Late last year, AustCyber published a Cyber Security Industry Roadmap to help connect organisations and also demonstrate the role that cyber security plays in enabling growth opportunities.

“At present, Australia’s cyber security as a sector is comparatively small, however it is forecast to triple revenue over the coming decade due to increased demand. I truly believe that case studies for what good looks like will come out of the logistics industry and I look forward to engaging with this industry,” Michelle says.