Future of Security, Sydney 2024

• Applying history to the present: The emergence of the cyber discipline, the ramifications of the 1971 ‘Creeper’ program and the ways cyber warfare has evolved. 

• Introducing artificial intelligence to software development: new opportunities for criminal exploitation, the automation of cyber-attacks, evading defense layers and scaling malicious activity.  

• When Quantum and AI merge: accelerating the deployment of high-quality phishing campaigns, performing data mining exercises within microseconds and relinquishing privileged information through sophisticated ‘deepfake’ technologies.

• Adopt the language of ‘risk’ to communicate the necessity of increased investment in 3rd party risk management, 24/7 monitoring and incident response systems.  
• Remedy traditionally antagonistic relationships between cyber and the wider business: become a supporter of IT innovation and an enabler of critical business imperatives.  
• Collaborating with your data and IT team for cyber invulnerability: embedding ‘security by design’ as a core principle during software development.

• During economic downturns, it's crucial to shift your focus to tech stack consolidation and the ongoing enhancement of baseline controls, such as patch and vulnerability testing.
• Strengthening your core controls while bracing for challenging times: conduct a comprehensive enhancement of controls and confirm that your guardrails align with your risk tolerance.
• Ensuring operability within the boundaries of compliance: approaching security as a fundamental practice to satisfy basic regulatory demands and avoid blindly following the latest industry fads.

• Embarking on a comprehensive enhancement of controls to support the Government's newly announced Six Cyber Shields strategy and collaborating with the state to transform Australia into a leading nation in cyber security.
• In preparation for APRA's CPS230, it is crucial to ensure that baseline controls are established, the use of multi-factor authentication is increased, and there is a heightened focus on managing third-party risks.
• Assessing the daily impact of oncoming regulation on your department: the consolidation of endpoints, updating end-of-life controls for existing software, and alleviating workforce pressures.

• Understanding the post-AI recruitment landscape
• Acquiring talent through hiring for qualities like creativity and problem-solving
• Utilising novel strategies to protect your future data

• Maintaining compliance with upcoming regulations while also achieving operational excellence and driving business outcomes is crucial. It involves ensuring that Australia's financial services industry aligns with international standards and finding ways to respond to increased regulatory demands from APRA and ASIC.
• Exploring technical advancements in methodologies such as Multi-Factor Authentication, Identity Access Management, and the use of geo-proximity data for password-less access to devices.
• Supporting critical business operations by consistently adhering to the principles of People, Processes, and Technology (PPT), enhancing end-to-end processes, implementing appropriate controls, and fostering innovation within the IT team.

• The crux of AI's practicality hinges on the critical need to develop an AI strategy from the outset and steering clear of implementing AI simply for the sake of it.
• Employing AI in security: Tackle the expanding cyber skills shortage by automating mundane tasks, thus allowing your team to redistribute resources more efficiently and focus on the strategic direction of the department.
• Preparing for the criminal exploitation of AI: Anticipating an increase in attack vectors, the automation of cyber-attacks, and respond by automating layers of data protection and defense.
• Mastering AI Governance to Minimize Risk: Revise current corporate procedures and policies to integrate AI effectively.

Preventative Strategies: Acknowledging the inevitability of cyber incidents and ensuring that routine security measures satisfy fundamental standards.
Proactive Strategies: Investigating how cyber experts are constructing frameworks to actively address the threat environment and enhance cyber and IT teams through automation.
Integration of Both: Comprehending the necessity of managing residual risks and considering cyber security as an all-encompassing task, steered by executive leadership.