Government agencies need to prioritise quality over quantity and look for smarter automation and technology solutions to keep pace with the cyber security of other countries, which have already scaled up their resources in the face of escalating threats, according to cyber security panelists speaking at the recent 8th Annual FST Government Australia 2022 event held in Canberra.
“I think Australia can be small but still can be mighty [in terms of cyber security]. It does not have to be a scale issue, quality over quantity, but we need to get smarter with automation and technology,” Nicole Ozimek, Assistant Secretary Cyber Security and Network Branch (CRB), Department of Foreign Affairs and Trade, told conference attendees.
However, she stressed, to ramp up their cyber security resources, government agencies need to bring in a more diverse workforce.
“We need to attract people to the cyber profession, not just those coming out of doing IT qualifications. I think if you have the attitude you can learn cyber and have a very successful career,” she said.
However, bringing on board people with transferable skills and from different backgrounds was only part of the equation. To do it right, the agencies would first need to create an inclusive culture and build internal leadership able to work with and leverage that diversity, the panelists said.
Alan Marjan, Assistant Director-General Cyber Uplift (ADGCU), Cyber Security Resilience Division, Cyber Uplift Branch, Australian Cyber Security Centre, stressed the significance of multi-disciplinarians and the role agencies had to play in promoting them and diversity.
“I think you need to have the right environment and workplace offering flexibility as well as pathways and programs to address skills gaps. You can bring in people of different skills and help them achieve skills they want to achieve in a flexible and comfortable environment.”
Discussing the importance of roadmaps in implementing cyber capability models, Ozimek said there were a number of factors the agencies would need to consider, but understanding the risks, responding to them and continually monitoring and coordinating the back-ups was key.
“In terms of the roadmap of building resilience in your network and continually uplifting your cyber security posture, I think the key thing is looking at the threats and attacks detectors and having appropriate controls in place,” she noted.
At the same time, it was crucial that end users be kept assured about, and understand, all the changes being made to their networks.
“The key thing is to understand the risk and understand what controls can mitigate that and then having appropriate funding to implement the technology, whether it is in the cloud or on premise, and then having resources to sustain it,” Ozimek emphasised.
“We are all very guilty of just having a technology fix but it is about people, processes, framework and governance response to have good cyber security.
“Increasingly, we are putting our data in the cloud but that does not mean you are outsourcing your risks. That means you have to work very closely with vendors and understand those controls and mitigations, as well as a holistic approach. I think that is an interesting challenge that we are working through now.”