Hackers are humans: let’s beat them with soldiers

In terms of the security of our information systems, it is my opinion that western materialism is contributing to Australia’s growing cyber risk. We are increasingly viewing our information systems as an entity that can be defended with a one stop shop of cyber security products. This type of thinking is leaving our economy and businesses wide open and the growing threat of complex cyber attacks is only increasing. It is critical that a ‘systems defence’ strategy is implemented to harden our ICT infrastructure.

The first point I want to make is that in the defence of your information, the enemy is not your market competition. The enemy is the unknown human executing malicious attacks on your systems. The threat vector is the internet. Computers here are not the enemy; criminals and humans are the hostile actors. We need to start assessing these threats as people rather than the exploit that they are using. If you understand the threat you can anticipate it.

A cyber security professional with a military background understands this better than most. They have been trained and think in a parallel that business cannot. They will intuitively design a system that is best placed to anticipate and stop the threat at the most likely vector. A military mind’s first thought is going to be ‘how best can I defend this system with the resources I have at my disposal?’ and ‘what are the multiple ways to efficiently do this?’. Their first thought is not going to be ‘how best can I sign this customer up to our platinum plan because that is where my commission is made’.

My previous background in military intelligence has limited my exposure to the commercialisation of information security. So as I assessed the industry in 2017, I was appalled at the flooded product market that is providing business with a sense of security on purchase. One of the primary aims of military defensive strategy is to create a protection system so you can return to offensively attacking your enemy. At no point is the military mind thinking of sales. Information security strategy needs an approach that is trained at anticipating threats (hackers) and reducing risk. The activity of a risk audit is not the one stop shop for cyber security; we need benchmarks and standards that specify credible defence…