Expectations remain low that the upcoming Labor 2022-23 Budget will contain anything remotely actionable and useful when it comes to keeping Australians safe online.
The rhetoric has been predictable year on year with ‘uplifting our cyber posture’ and ‘building capability across national priority sectors’ plus ‘improving safety, security and trust’.
The 2020 Cyber Security Strategy was delivered without the necessary measurable deliverables and outcomes linked to the human element of cybersecurity and the budgets have followed suit.
Considering the overwhelming evidence that the majority of successful cyber-attacks/breaches are the result of human error, it stands to reason and logic that education and awareness of humans should be non-negotiable.
Think about this for a moment. Now, and for many years, anywhere from 8 to 9 out of 10 successful cyber-attacks/breaches are the result of human error. That’s a lot.
Correct me if I am wrong. If we were to educate humans, increase their awareness, provide them with the tools, skills, and knowledge to make better decisions when it comes to being safe and secure online, would fewer errors be made? I say yes.
Australia has been great at promoting safety on the roads, in the sun, at the beach and at work. How about a National Cyber Awareness Education Campaign for everyone: ‘Think Cyber First’ or ‘Think before you click’?
We have a baseline to work with already and if done correctly, the Australian Government can move the needle. Even a small drop would be incredible when you consider the cost of reported cybercrime to Australians was $33 billion from 1 July 2020 to 30 June 2021.
You have heard a lot about the cyber skills gap in recent times and how adding more people into the cybersecurity workforce will fix the issues we are currently facing related to the increase of cyber incidents, attacks and breaches.
Let me say this first – yes, we need more people in the cybersecurity workforce. However, the recent Optus data breach has highlighted we have a greater risk at hand.
That risk is the cyber knowledge gap, or awareness gap, that exists within the general population, which consists of every human who uses technology and devices and works outside of the cybersecurity bubble.
In the days that followed the Optus breach, our government issued new legislation, laws and commentary towards organisations when it comes to cyber incidents. The media focussed its time on who should have done what, when and why and who was to blame.
This response is not surprising when you consider our recent research where KnowBe4 found that two-thirds of Australian IT decision-makers believe the Government should be doing more to protect against security risks, fewer than half understand their data breach reporting requirements and more than a quarter think technology will keep them safe.
While those what, when, why and who questions all require answers, if the consumers affected by this breach had already implemented a basic level of cyber hygiene, the stress, fear and confusion would have been minimal.
A basic level of cyber hygiene includes the use of a password manager, implementation of Multifactor Authentication (MFA) using a third-party authenticator app, and knowledge and awareness of their data – specifically the different types of data they have shared with organisations and when they need to take action should it be involved with a data breach.
Empowering Australians to make better decisions when it comes to security is the goal which comes from a focus on security awareness, behaviour, and culture.
This is a direct result of an ongoing, relevant, and engaging security awareness and education program incorporating organisation-wide cooperation. We cannot rely only on government or technology when the majority of breaches are the direct result of human error.
Cybersecurity is everyone’s responsibility, and we are far from being in a position where we are making better decisions when it comes to staying safe online.
My rose-coloured glasses remain on as the 2022/23 Labor Budget is in its final stages prior to release. I will be one of those people watching it on the ABC and reading every page with a focus on all things cybersecurity.