Mitigate Cyber Adversaries: Creating a Resilient Cyber Defence Capability


Marco Figueroa, CISO at the Department of Finance, Services and Innovation NSW, Sherry Rumbolt, Senior IM/IT Security Officer, Department National Defence, Canada and Matthew Sirotech, Manager of Governance, Security and Risk at Family and Community Services (FACS) NSW share some insights and discuss the notions and nuances that go into creating a strong cyber defence that is capable of mitigating cyber risks and foiling attackers.


“Implementing “Defence in Depth” will yield maximum benefit as security controls are layered, ensuring that failure of a control does not compromise the entire ecosystem. In addition, traditional cyber security approaches have focused on prevention controls and compliance standards. These have an important place, but it is evident that an expanded focus is needed on cyber security incident monitoring, detection, response, and recovery capabilities. This expanded concept of cyber resilience is the ability to prepare for, respond to and recover from cyber incidents and disruption.

To further ensure a strong cyber defence capability, implementing the Australian Signals Directorate’s “Essential 8 Mitigation Strategies” will assist in creating a stronger mitigation capability against cyber threats. Additionally, there should be a shift from compliance frameworks to a more cyber defence oriented organisation when focusing on internal processes. This is because while compliance is still important, any organisation can be compliant with all the frameworks of this world; yet cybercrime can still slip through their networks. By enabling risk-based decisions facilitated by a robust Risk Governance Framework, we can mitigate against cyber risks.

Then, to effectively prevent and respond to executable threats such as phishing attacks, your organisation must have a strong risk policy that clearly defines what a compromised email is across your organisation. This should be reiterated to staff through training sessions which should be re-done every year. This is because one mis-click can potentially allow malicious code to infiltrate systems. Hence, training and awareness are important if you want to maintain a strong and consistent cyber defence.

Providing staff with awareness sessions as well as simulations to rehearse cyber security incidents is also another great way to test the effectiveness of your organisation’s incident response management plan and keep employees aware of potential risks. Finally, to ensure consistent vigilance, employees should be refreshed and re-trained about the threats and impacts of cyber-attacks frequently. I believe that every quarter organisations should be providing consistent updates and training about potential cyber threats. For example, in the form of short videos which people can watch quite easily to stay ahead of the latest trends.”

- Marco Figueroa (CISO) - Department of Finance, Services and Innovation NSW


“To create a defensible cyber security for your organisation, you need to focus on three key areas: people, processes and technology.

For people, you need to source the right talent and train them properly to be capable of handling the tasks required. You also need to educate employees about the processes around cyber security and encourage them to do the best job that they can through continuous support.

Process is about building sustainable cyber defence operations by establishing viable procedures in how you’re going to do that. Therefore, you need to set up procedures for tasks such as checklists and operations for your team. This creates standardisation for mitigating and implementing stronger cyber capabilities.

With technology, you need to have the proper tools in place, such as monitoring, detection and mitigation tools to perform the tasks required. Prioritize and spend money on the best tools you can afford to cover each area. After that, you need to continuously refine these three key areas and improve on them as the cyber landscape inevitably shifts in the future.”

- Sherry Rumbolt (Senior IM/IT Security Officer) - Department National Defence, Canada


To read the rest of the extensive article, you can request a copy here.

If you’re interested in learning more about how to organise your technology, operations and work culture to create a strong cyber defence that is capable of mitigating cyber adversaries then join Marco and Sherry at the 2018 Cyber Security for Public Sector summit.

To see the full session and speaker line-up, request a copy of the latest agenda here or simply download it via the agenda link above.


