TLDR: ASE attended CyberCon, and David shares with us his top insights, including the challenges Australia faces with cybersecurity, and how Government intends to approach them. The challenges of the cyber war on Ukraine, and why Insider threats kept appearing!

ASE attended the CyberCon 2023 in Canberra this week with GRC partners, 3 Lights.

CyberCon served as a leading gathering for cybersecurity experts nationwide, bringing together industry pioneers, government officials, and professionals to exchange their expertise and perspectives on the most current trends and risks in the industry.

ASE’S Business Solutions Executive, David shares with us his top insights from the event.

CyberCon Days 1 & 2

It was a great start to the day with keynote speakers, ex-Prime Minister John Howard and the current Minister of Home Affairs and Cyber Security, Clare O’Neil.
The standout insights for me were:

• The “Optus and Medibank cyber events has woken Australia up from its cyber security slumber.”
• Government has now appointed the first Cyber Security Minister and National Cyber Co-ordinator to ensure all departments are working together to common goals.
• Focus to make Australia the most cyber secure nation in the world by 2030, and the bipartisan support to create the appropriate legislation to make this happen.

Governments ambition to push the responsibility of managing the cyber risks to the people that can do it the best.

• How to get the private and public sectors working together effectively and creating a sovereign cyber security workforce in Australia to face the challenges ahead, which will be a mix of private and public

Other Highlights included:

Immersive technology, Extended Reality and the Metaverse: Peta Estens, Deakin University

• Understanding the shift from using technology to merging with technology, this sensory emersion is like a transcendental experience and the impacts this has on our mental health.

The responsibilities of providers of these services, the biometric data that’s being collected and the need for new legislation on how this data is collected, saved and used. Laws, regulation, frameworks agreements, and policy about biometric data – how this varies from state to state and country to country

Combatting the mess of cyber standards facing Australian organisations – Andrew Robinson, 6 Clicks

• Understanding the different Cyber Security Standards although ISO IEC 27001 is the most comprehensive standard. No single standard covers it all.
• How the different standards relate to each other and how to use them in a complementary way.
• The importance to understand where you need to implement standards, where it makes sense and will deliver benefit to your business and improve your security posture.
• The opportunity to utilise of AI to help your business maintain its security posture.

A cyber war on Ukraine – Lessons learned and future opportunities for further public & private sectors to collaborate in cyber security – Stacy Omara & Ron Bushar (Mandiant / Google Cloud)

• Initially Russia was able to use cyber-attacks to take out key infrastructure in the Ukraine.Cyber attacks were a key domain of Russian operations.
• The Ukraine government initially lost a lot of time trying to understand how to engage the private sector to help manage their cyber security threats.
• The war got people to think more about how do to better protect their infrastructure, as the expectation was high that Russia would raise the level of attacks, but they were only effective for a short period. The combination of private and public sectors quickly and effectively were able to fight back to the cyber-attacks.
• Prioritisation of Ukraine to protect critical infrastructure was key.
• How to build the trust between public & private sectors, it takes time to build the relationships and share the mission. What are the holes in government capability, and how can the private sector fill the gaps?
• How to be prepared, how to escalate support – have the right policy in place so you can react quickly – Ukraine wasted a lot of time working out how to engage with the private sector
• Lessons

1. Be Prepared
2. Create Resilience
3. Be ready to respond

Inside Threats – Boaz Fischer

It was great to have one on one time with Boaz the author of the book “The Human Side of Cyber – Ignore at Your Own Peril”

• Understanding the 10 Risks you need to know to avoid an internal cyber breach causing a catastrophic impact on your organisation

1. You can’t control insiders
2. Insiders are self-serving
3. Insiders are the gateway of risk
4. Insiders can be recruited and coerced.
5. Insiders are calculating
6. Insiders make mistakes
7. You must continually judge trust
8. All data theft is an insider job
9. Technology alone will not solve risky human behaviour
10. Cyber security cannot exclude insider threats

CyberCon Day 2 ended with a fantastic dinner at Parliament House. it was great to share the table with our partners, 3 lights and 6 clicks and discuss the day’s learnings.

CyberCon Day 3

• Great to gain some insight about the Russian cyber activities during the early phases of the Ukraine ware and the evolution of malware and incident response.

Insider Threats – with Balaji Kapsikar

• 33% of insider incidents are caused by human error & negligence
• Education to your team is one of the best cyber defences you can have for insider threats

Automation in SOC to address staff shortages & improve response times – Gavin Coulthard

• Gavin shared some interesting ideas on how to automate functions within your SOC to improve efficiency and to deal with current staff shortages in the industry
• How to approach automation, where to start and how you need to invest time in the ongoing management of your automation tools

ASE’s participation at CyberCon 2023 demonstrated our commitment to staying at the forefront of cybersecurity innovation and knowledge. ASE and 3 Lights are together dedicated to providing top-quality cybersecurity services and staying up to date with the latest trends and technologies in the cybersecurity landscape.

Interested in learning how we could help you with your cyber challenges? Talk to our team today.