Raise the bar
While detecting and responding to cyber intrusions is important, even more important is to harden our networks and systems and make them less vulnerable to intrusions. In this case, prevention is definitely better than the cure.
Although some organisations may be implementing international cyber security standards that all organisations can achieve, others are not doing so. In our interconnected world, a solid baseline of cyber security practice is critical to achieving confidence online.
Self-regulation and a national set of simple, voluntary guidelines co-designed with the private sector will help organisations improve their cyber security resilience. As suggested by the private sector, these guidelines will be based on the Australian Signals Directorate’s Strategies to Mitigate Targeted Cyber Intrusions. These strategies will continue to be updated to keep pace with evolving technologies and innovative responses to cyber security challenges. While in its infancy in Australia, the rapidly growing cyber insurance market may help enforce improved cyber security performance.
ASX 100 listed businesses will have the opportunity to improve their cyber security governance by participating in voluntary governance ‘health checks’. The governance ‘health checks’ will enable boards and senior management to better understand their cyber security status and how they compare to similar organisations. In time, these ‘health checks’ (similar to the United Kingdom’s FTSE 350 governance health checks) will be available for public and private organisations, tailored to size and sector.
Small businesses often find it challenging to allocate resources to do cyber security well. Without adequate cyber security they can become the soft underbelly or back door into connected organisations. The Government will provide support for small businesses to have their cyber security tested by certified practitioners.
The Government will also support the Council of Registered Ethical Security Testers (CREST) Australia and New Zealand to expand its certification of information security testing services.