For a country with a culture based on taking things as they come, Check Point has said Australia is taking the threat of cybersecurity seriously.
Previously, organisations in Australia were protected by the country’s geographic isolation, but as business is now being carried out at scale via the internet, Tony Jarvis, chief strategist of threat prevention at security vendor Check Point, has said everyone is “fair game” when it comes to the threat of a breach.
Speaking with ZDNet, Jarvis said organisations in Australia used to have the luxury of foresight, watching peers from bigger parts of the world deal with security-related incidents six months before the trend entered Australia, providing them with ample time to prepare.
However, that is no longer the case, as highlighted by the WannaCry ransomware that claimed hundreds of thousands of victims across 150 countries, reaching speed and red-light cameras on state roads in Victoria, and Petya, which even halted chocolate production at Cadbury’s Tasmanian factory.
“When you’re doing business on the internet, which everybody is, everybody is fair game at exactly the same point in time, so we have to be cognizant of that,” Jarvis said.
“Australia is good at taking that seriously, they do appreciate that risk, and translating that into taking the necessary actions and preventative measures is definitely on the agenda.
“Australia is making good progress.”
He said it is important to remember there’s no such thing as cybersecurity in the sense that nothing can be 100 percent secure.
“Rather, cyber resilience, and being prepared as you can be while also acknowledging the fact that something might slip through the cracks, and having a plan in place to deal with that should it happen,” he explained.
“Australia is definitely taking the right steps, everybody faces slightly different risks, but more or less they’re all on the same sort of path.”
Australians have a reputation of being heavy consumers of technology, and with the estimation that there will be 20.4 billion Internet of Things (IoT) devices deployed by 2020, Jarvis said securing these devices should be a priority, given that IoT presents a future that is very difficult to secure.
He said it’s important for everyone involved, including designers, manufacturers, retailers, and consumers, to be aware of the security risks.
“There’s always a lot of hype in the security industry, unfortunately, and a good part of our time is spent on deciphering what is hype and what is fact,” Jarvis explained.
“Unfortunately, when we start talking about IoT, a lot of the hype is real.
“We live in a capitalist society; we have manufacturers and companies whose job is to put products on the shelf that we want to go out and buy and they improve our life somehow, such as fitbits and other fitness trackers,
“Unfortunately, security lags quite a number of years behind bringing these products to market.”
While there are a number of best practice guidelines published by the likes of IoT Alliance Australia and the Cloud Security Alliance, there’s no unanimous decision on which standard to adopt, nor is there an overarching body to make sure every part of the process adheres to agreed guidelines.
“Not all manufacturers will adhere to those standards, but even if they do, if there’s a vulnerability that’s found on a specific device, how do you actually go and remediate or patch that, because it’s not always possible,” Jarvis added.
“A lot of the hype in this case is justified.
“We don’t need to be worried, but we do need to be cognizant.”