An Interview with Grant Slender, Head of Security, Cloud and Support, Chief Information Security Officer, QIC
"The market is no longer surprised by cyberattacks or sympathetic to organisations that aren’t prepared, so it is now critical to be prepared and organised when incidents occur."
FST Media: Your upcoming panel discussion at the 2019 FST Government Queensland conference will explore cyber resilience in an increasingly digitised world. Could you offer us a hint as to what that means for your organisation over the next six to 12 months?
Slender: Our organisation is well prepared. Everyone from technical support teams through to senior executive stakeholders are well versed in the cyber incident process, as well as the role that they play and what to expect throughout the cyber incident response plan.
FST Media: Why should cyber resilience be such a priority for organisations?
Slender: Being able to quickly respond to – and appropriately recover from – a cyber incident is now considered a mandatory business requirement.
The market is no longer surprised by cyberattacks or sympathetic to organisations that aren’t prepared, so it is now critical to be prepared and organised when incidents occur.
FST Media: How can we effectively balance people’s awareness of the need to be more resilient with inherent security vulnerabilities?
Slender: Both need to be managed equally and investments need to reflect control gaps in each area appropriately.
Awareness is a critical component of any effective cybersecurity program; this is what ultimately supports the efforts and activities of identifying and reducing security vulnerabilities.
FST Media: How can an organisation encourage individual responsibility for the safe use of everyday ICT tools?
Slender: Education and awareness are key; responsibility for good cybersecurity rests with everyone. There is a personal responsibility to maintain safe cyber practises at home that are equally valid in the corporation.
FST Media: What are some of the key lessons we can learn from the recent data breach within the Victorian Government?
Slender: Cybersecurity extends beyond the organisation and into third-party suppliers. This is why third-party vendor management and governance is another key pillar of a successful cybersecurity program.