#nationalcybersecuritymonth | ATO gets $151m for better storage, security – Strategy – Software

Source: National Cyber Security – Produced By Gregory Evans

The federal government has handed the Australian Taxation Office almost $151 million to improve data storage and security system resilience.

The new funding, revealed in the 2019-20 mid-year economic and fiscal outlook (MYEFO) today, comes after the agency secured $70 million to move out of its data centre in the April budget.

The funding will be provided over three years from 2019-20, though just how much will be spent on each has not been laid out.

The Department of Finance will use $0.5 million of the total funding to perform assurance reviews on the project.

MYEFO documents also reveal a further $31.2 million for the Department of Home Affairs to improve the country’s visa and citizenship processing ICT system over the next three years.

The funding will be used to enhance the system’s “online service delivery and data management capabilities”, ahead of the department’s decision on an external provider for the new billion-dollar visa processing platform.

Last month, the department revealed that at least $80 million had been spent on the design and procurement of the platform, which is slightly more than it was provided in the 2018 MYEFO for the work.

“The measure will improve the Department of Home Affairs’ ability to verify the identity of individuals arriving in Australia,” MYEFO documents state.

“The measure will also allow continued engagement with the market for a strategic technology solution to ensure Australia’s visa systems remain competitive, relevant and safeguard national security.”

The government has also made good on its election pledge to invest in cyber security, with MYEFO documents revealing that $152.7 million will be spent on a range of projects over the next four years.

It follows an undisclosed amount of funding in the April budget to address cyber security concerns against some of the country’s most critical systems.

The government’s cyber security resilience and workforce package will be used to create “additional specialist cyber security positions … to monitor and respond to cyber security threats”.

The positions will be created in the Australian Signals Directorate and the Department of Defence.

The funding will also be used to offer cyber security scholarships and training opportunities, as well as provide assistance to small businesses, older Australians and families on how to conduct online activities securely.

It will also be used to secure voter information, though no detail was provided on how this would be done.

Other funded measures include:

  • $12 million in 2019-20 for the Civil Aviation Safety Authority to regulate commercial drone technologies in Australia.
  • $3 million over two years for the Department of Employment, Skills, Small and Family Business to “undertake additional design work, stakeholder engagement and use research to further inform the development of the VET Student Loans IT System”.
  • $2.1 million over two years to continue the Commonwealth’s contribution to the national coronial information system.
  • $1.8 million over two years for the Australian Road Safety Foundation to pilot a digital road safety passport that informs Year 9 school students about road safety.

#nationalcybersecuritymonth | Pollies to face phishing tests after Parliament breach – Strategy – Security

Parliamentarians and their staff will be subject to phishing email simulations in the wake of the state-sponsored cyber attack against Parliament House earlier this year. The Department of Parliamentary Services will conduct the simulations as part of a new program to test the cyber security awareness […]

​New Zealand to #refresh #cybersecurity #strategy

New Zealand Broadcasting, Communications and Digital Media Minister Clare Curran has announced a refresh to the country’s three-year-old cybersecurity strategy amid concerns of a growing threat landscape.

The New Zealand government will be refreshing its approach to cybersecurity, giving a facelift to its existing Cyber Security Strategy and Action Plan introduced in 2015.

According to Broadcasting, Communications and Digital Media Minister Clare Curran, the increasing number of cyber threats has provided criminals with new avenues to cause harm in New Zealand. She said the widespread use of connected devices and the security challenges of emerging technology are intensifying the problems.

“So it’s timely for us to step up New Zealand’s cybersecurity efforts so that we are not left vulnerable to cyber intrusion and to refresh the 2015 strategy so we can deal with increasingly bold, brazen, and disruptive threats,” Curran said.

“This government has committed to building a connected nation, promoting, and protecting digital rights. We intend to close the digital divides by 2020, and to make ICT the second largest contributor to GDP by 2025. A modern, responsive cybersecurity system is essential to this.”

The refresh plan [PDF], penned by Curran, points to the National Cyber Security Centre’s (NCSC) Cyber Threat Report 2016-17 that revealed the NCSC recorded 396 incidents during the 12-month period and provided “hands-on, intensive incident response” on 31 occasions.

It said the clear trend is “an upward trajectory of cybersecurity threats”.

“Cyber threat actors are increasingly bold, brazen, and disruptive. New Zealand’s geographical location does not exempt us from this threat,” it continued.

The Department of Prime Minister and Cabinet approved New Zealand’s second Cyber Security Strategy, Action Plan, and National Plan to Address Cybercrime in November 2015.

“The strategy has served us well as an overarching framework for cross-government work under four goals: Cyber resilience, cyber capability, addressing cybercrime, and international cooperation,” the plan says.

“The problems are growing, and it’s timely to look at what more can be done to improve New Zealand’s cyber defences,” Curran added.

The plan points to similar efforts made by the United Kingdom and Australia, calling it an appropriate time to examine whether New Zealand is making a suitable contribution to address the cybersecurity challenge alongside its partners.

“A refresh of the Cyber Security Strategy and Action Plan would enable us to test whether we are investing the right resources and structuring our efforts, in the right way, across protective security, civilian, military, law enforcement, and intelligence agencies to make the greatest improvement to the security of our digital infrastructure and communications,” the plan continues.

The refresh will be completed in a “more joined-up”, cross-government approach, and in partnership with the private sector and non-government organisations.

“This refresh of the Cyber Security Strategy and Action Plan provides an opportunity to look at the cybersecurity roles of agencies,” Curran wrote.

“We need to continue assessing whether we have the optimal arrangements and resources for effectively addressing cybersecurity efforts across government.”

Curran said work is also under way to improve the system-wide understanding and mitigation of cybersecurity risks to government agencies.

“A structured approach to ensuring private sector engagement with the government’s work (and vice versa) might be one option for consideration. This could include considering models such as advisory boards or a cybersecurity council. It may help us to get the right level of engagement with the private sector on cybersecurity — a challenge which our international partners also face,” she explained.

The refresh is expected to complement other initiatives already under way by the government, such as the development of a Digital Strategy for New Zealand, the proposed establishment of a chief technology officer, and the priority accorded to digital rights.


Cybersecurity #Strategy: Top #Security #Resolutions for 2018

From conducting a top-to-bottom IT security audit to ensuring your computing infrastructure and software are completely updated and patched, there are plenty of important tasks related to cybersecurity strategy for IT pros to check off as 2018 approaches.

To help enterprises get a fresh start on the New Year, ITPro asked several IT analysts to share their top ideas for 2018 security resolutions which IT pros can follow as part of a broader cybersecurity strategy to help keep their business systems running smoothly.

To start, the New Year is a good time to check to ensure that all your company’s endpoints – from laptops to desktops to switches and everything in-between – are secured where they connect with your secure company networks, says Dan Olds, principal analyst at Gabriel Consulting Group.

“This is also a good time to check the security profiles for everyone on your network,” and make sure that everyone is obeying policies when using their devices, he says. “By this I mean making sure that every employee has just the right amount of access to data needed to do their jobs – and no more.” By conducting such checks, you’ll likely uncover many potential threats, such as contractors and ex-employees who might still have accounts on your systems, he adds.

Another important resolution that’s often forgotten is to be sure all your hardware and software are given the latest security updates and patches to protect your users and IT systems, says Olds. “The biggest threat vector today is unpatched systems. Get everything brought up to date to face the New Year behind a reinforced wall of security.”

“You could even put your IT systems to the acid test by hiring hackers to actually try to penetrate your systems from outside your firewall,” says Olds. “This isn’t an exercise for the faint of heart, but it will pay dividends.”

Sean Pike, a security analyst with IDC, recommends tightening your cybersecurity strategy and ensuring cloud security by taking steps to harmonize your company’s tools for managing on-premise and cloud-based infrastructure.

“Once upon a time, traditional, on-premise security providers generally failed to innovate toward the cloud as rapidly as perhaps they should have,” says Pike. “As a result, many organizations ended up treating cloud and on-premise infrastructure differently,” which meant learning and maintaining separate security tools for two different environments.

To simplify such issues and better manage your company’s clouds, IT pros should work in 2018 to integrate their hybrid or multi-cloud security using a single tool, he says.

“A great example of this are cloud security gateways (CSG) in which security vendors have spent a great deal of time adding functionality over the last two years,” says Pike. “The CSG is the central control point for hybrid cloud environments for a number of large security vendor incumbents.”

Another important resolution to prepare for is the upcoming General Data Protection Regulation (GDPR), which will take effect in the European Union on May 25, 2018, says Pike.

The GDPR replaces earlier data privacy laws and applies to businesses outside the EU if they offer goods or services to EU residents. The GDPR applies to all companies processing and holding the personal data of EU residents, regardless of where a company is located. Penalties for non-compliance with the GDPR are costly – up to four percent of a company’s global revenue or $22.7 million for violations, such as not having sufficient customer consent to process their data and not notifying the supervising authority and users about a data breach within 72 hours.

“Security pros will be scrambling to meet GDPR as the May deadline edges closer,” he says, and once 2018 arrives it will be time to act. “Unfortunately, many businesses will just be kicking off their efforts so it’s a good idea to start by identifying business processes and establishing how data flows throughout each process.”

Since there will be so much to do if you haven’t yet gotten started, “it’s important to first understand how business processes actually work and what kind of data is out there,” says Pike. “Otherwise, you run the risk of overwhelming staff with too many instances of potentially sensitive data to chase. I always like to start with the process where possible.”

IT pros should also spend more time with network access control (NAC) in 2018, he says, as they continue to connect new kinds of devices and sensors to the Internet of Things as part of their corporate infrastructure.

“IDC sees NAC as a necessary first line of defense as businesses expand to allow unknown, unmanaged, or unintelligent devices access to network resources,” says Pike. “NAC’s core discovery functionality can help businesses identify and inventory devices that connect,” and can control access to network resources by acting as a gatekeeper and disallowing devices that do not meet a preset corporate profile.

Another analyst, Charles King of Pund-IT, suggests trying a new tack in 2018 by making “best-case scenario” projections for security, rather than the typical worst-case scenario planning that seeks to plan for disasters that can occur. Instead of overwhelming IT staffers and other employees with worst-case planning, “imagine what your organization would need to make it through 2018 without any security breaches or problems, then consider what it would take to achieve that state,” says King.

“Maybe you’ll find that it’s virtually impossible due to factors like fundamental disconnects between the security solutions you use and the systems they’re meant to protect,” he says. “Maybe your company has employees or executives who can’t be bothered with security procedures they’re asked to follow. But each of those discoveries will identify incremental action items that you and your co-workers can work to correct” in the New Year.

Not every security resolution for 2018 must be huge, though, says Andras Cser, an analyst at Forrester Research.

“Change passwords every 90 days and enforce them to be at least 10 characters in length,” says Cser. In addition, “implement at least the option for two-factor authentication for employees and customers on your websites,” while taking detailed steps to revise and fortify your enterprise’s incident security responses to better protect the company.

Ensuring that your IT security starts strong in 2018 and continues throughout the year is a great goal to have for every enterprise. Using these expert IT security resolutions and tips can help you accomplish those tasks.

Cybersecurity #insurance only a #piece of #data #protection #strategy

Many organizations are reinforcing their cybersecurity strategy by signing up for cybersecurity insurance. Cybersecurity insurance is still in its nascent stage of development, but businesses worldwide are beginning to recognize its importance in today’s evolving threat landscape: Auditing firm PwC predicts insurance policy premiums to grow to $7.5 billion by the end of the decade.

At the recent MIT Sloan CFO Summit in Boston, panelists during a session titled “Cybersecurity: How much is too much?” talked about the role cybersecurity insurance plays in an organization’s overall cybersecurity strategy.

“In terms of cyber insurance, it is a pretty new industry; it’s still maturing,” Aparna Ramesh, CFO at the Federal Reserve Bank of Boston, said. “I think it will be interesting to see what kind of analysis and information comes out once this industry matures.”

Designed to mitigate financial losses from incidents like data breaches, cyber insurance can protect businesses from some of the risks involved in doing business online. Cybersecurity insurance policies can help cover extra expenditures such as regulatory costs and meeting customer notification requirements that result from the theft or destruction of digital assets.

But Pietr Lindahl, senior director of cyber threat reduction and strategic analysis at Philips, advised organizations against solely relying on cyber insurance.

“It may help soften the blow from a financial perspective, but hasn’t done anything to protect your brand reputation or ensure business continuity,” Lindahl said.

Several factors are considered when budgeting and planning an organization’s cybersecurity investments such as insurance policies, Lindahl said. The amount of money budgeted will vary based on the company’s risk profile, what kind of information they have that could be targeted and what kind of proprietary information they have, he added. He also advised organizations to annually reevaluate their threat landscape and risk appetite.

Scott Ward, CFO at Cybereason and a co-panelist, sees cybersecurity insurance as “just another tool in the toolkit” of organizations trying to prevent and prepare for cyberattacks.

To think of it as a silver bullet is wrong, Ward reinforced. After Target’s huge 2013 data breach, cyber liability insurance covered only 36% of the company’s associated costs, he reminded the audience.

“A lot of technology is still evolving, changing and improving and the same has to be said with cyber insurance policies. There is a lot of work going into those policies in the development and understanding what’s covered and what’s not. It’s definitely a work in progress,” Ward said.

National #cybersecurity #strategy can help #Ireland cement its place as an #infosec #hub within #Europe

Something interesting has happened in the past year: the term ‘cybersecurity’ has finally entered the mainstream. Due to a period of global instability and numerous cyberattacks by actors eager to take advantage of the uncertainty wrought by Brexit and Trump, the issue of cybersecurity has never […]

UN report: 50% of countries have no cybersecurity strategy in place

Only 38% of countries have a published cybersecurity strategy, and just 12% are in the process of developing one, according to a new report from the United Nations (UN). The Global Cybersecurity Index 2017, created by the UN’s International Telecommunication Union (ITU) and released Wednesday, urges more countries to consider…

Changing Technology Leads Evolving Cybersecurity Strategy

Dr. Jacob Shively, assistant professor of government at the University of West Florida, recently received a GROW Institute grant from the UWF Office of Research and Sponsored Programs to begin to look at the implications of technology and security policy. “My larger area of interest is national security and foreign…

Lessons for business from US cyber security strategy

This month has seen two important events for global cyber security – the updating of the United States government’s cyber security strategy and a detailed briefing on cyber threats from the US intelligence services. The executive order signed by Donald Trump gives individual heads of government agencies the final responsibility…

One year on, is Australia’s cybersecurity strategy on track? Experts respond

Prime Minister Malcolm Turnbull launched Australia’s cybersecurity strategy in April 2016, and more than one year on, there’s work to be done. Upon launch, the strategy was criticised for its lack of funding and vague goals. Among other targets, it aimed to ensure more information was shared between government agencies…
