There is not a day that passes where we do not read about a company or government agency having been hacked and had data stolen, or the organisation held to ransom. This will not stop.
Cyberattacks are not new. Ever since we entered the digital age they were inevitable. But now the situation is critical. And the reported cases are just the tip of the iceberg.
Whatever we call it, cyber warfare, cyber espionage, or cyber theft, the results are the same. Theft of personal records and data, intellectual or real property, is inevitable.
Catastrophic disruption to business and government and the threat to industrial control systems (energy grids, dams et cetera) is now apparent. We should be alarmed that this threat is growing exponentially and is caused by malicious players, either individual or organised criminals, rogue states or even friendly powers.
What is new, however, is the urgent cyber security posture taken by our government and security agencies. This is a welcome development.
Our government’s correct and clear concern will hopefully ensure that our most important government and non-government agencies and institutions will take a serious look at whether they are truly cyber secure.
Having been in the cyber security industry for more than 20 years, I have never ceased to be amazed at both the often cavalier attitude adopted by leaders of many government agencies and companies all over the world as to their cyber resilience, and their general lack of knowledge of the cyber risks they face.
Too often I have seen catastrophic cyberattacks that have accessed and stolen sovereign nations’ economic secrets where the data has sadly not been encrypted.
We cannot stop cyberattacks. But we can mitigate the damage. How? By the encryption of data both at rest and in transit. Any data stolen can be rendered meaningless using robust encryption technologies which scramble the data.
Similarly, protection against zero-day (‘unknown unknown’ malware) attacks can be achieved. Anti-virus is important, but it cannot protect against the zero-day threat which poses a huge risk.
The government’s initiative embodied in the Australian Signals Directorate’s “Essential Eight” controls is an outstanding initiative that all organisations should embrace to prevent the risk of a successful cyberattack.
But the implementation of these controls does not eliminate the risk of a successful cyberattack. The last line of defence is encrypting data at rest and in transit.
Our government can take immediate action to ensure that designated ‘national interest’ government and non-government organisations’ data is safe even if a cyberattack is successful. It should mandate that those organisations encrypt their data whilst at rest and in transit.
Francis Galbally is the founder and Chairman of the Australian cybersecurity company Senetas Corporation Ltd. Senetas is a global leader in the development of high-performance encryption security solutions.