In a significant move to strengthen cybersecurity infrastructure, Westpac's chief information security officer Richard Johnson has articulated the need for a robust public-private partnership.
Speaking at The Australian Financial Review Cyber Summit, Johnson expressed concerns over the focus on victim organisations and regulations, arguing that more should be done to counteract untouchable adversaries.
"Australia should create a stronger national capability to seek out threats," Johnson said.
Home Affairs and Cyber Security Minister Clare O’Neil echoed the sentiment, revealing that a new national cybersecurity strategy would soon be unveiled.
Working as an ecosystem
The discussions shed light on the necessity of working as an ecosystem, a practice Johnson affirmed is already in place among Australia’s security professionals via the Slack communication platform.
“We talk a lot about the victim organisation, regulations and fines. We don’t talk enough, for my view in terms of balance, of what can we do to take the fight to adversaries that are untouchable,” Johnson said.
O’Neil also supported the idea of real-time information exchange between businesses and government to preemptively block threats.
“By 2030, we envision a world where threat intelligence can be exchanged in real-time, at machine speed – and then threats blocked before they cause significant harm,” the minister said.
Despite the emphasis on cooperation, companies remain cautious about sharing sensitive information publicly.
Reluctance to share information
Telstra Security chief Narelle Devine noted that reluctance to share might arise from lingering vulnerabilities in a company’s systems.
"Legacy systems are not easily upgradeable and could take years to change," Devine explained.
This perspective is backed by the cybersecurity minister, who stated that companies were not obligated to disclose the details of cyber breaches.
Dealing with ransomware
Cyber Security Cooperative Research Centre chief executive Rachael Falk spoke about the difficulties that companies faced when dealing with ransom demands.
Once a company is in "harm minimisation" mode, the focus shifts to protecting the customer base and corporate reputation.
This collaborative approach between the Australian Government and businesses aims to build a more resilient cybersecurity framework. The forthcoming national cybersecurity strategy is expected to further clarify the parameters of this alliance.