Published on the 09/12/2013 | Written by Newsdesk
Discussions about computer security are slowly filtering out of the IT shop and being considered at senior executive and board level – just not fast enough…
Computer security is no longer a topic confined to technology departments, but is increasingly being recognised as a broader business issue. As a result senior executives and boards, along with enterprise risk managers, are paying more serious attention to the issue according to Gerry Tucker, regional director for Websense ANZ.
However Alastair MacGibbon, director of Australia’s Centre for Internet Safety, said that he was surprised when speaking to Australian company boards and CEOs that “there is not a consistent board level discussion,” with security issues too often still delegated to “a couple of pointy headed people in a corner”.
But Tucker warned that senior executives were about to face a wake-up call about computer security in the form of highly targeted attacks. He said Websense analysis suggested that overall the level of malware attacks would decline in 2014 – but the attacks which took place would be far more targeted, and directed “at individuals of potentially high value”.
“The bad guys are going to be more focused and go after targets that will deliver a better ROI for them.” He said that while the volume of attacks might drop in 2014, the risk associated with each attack would increase. Senior executives who had both high net worth and access to sensitive and valuable company information would be a bigger target than ever.
Tucker also forecast that cloud computing vendors would become more of a target in 2014, warning of the very real risk of cloud data being held hostage by cyber criminals. This meant that enterprises selecting cloud vendors needed to pay particular attention to the security systems when performing due diligence.
He lamented the ongoing lack of legislation in Australia which mandates disclosure of security breaches which would at least ensure that the issue had a much higher profile. MacGibbon agreed that “to break the culture of not talking about this you have got to have a regulatory framework that compels everyone to do this”.
MacGibbon was also critical of the frameworks that Australia has put in place to safeguard individuals’ online privacy.
Australia’s privacy landscape will receive a shakeup in March 2014 when new privacy laws come into effect. The new legislation extends the powers of the privacy commissioner, but MacGibbon said. “It’s a crying shame in a modern economy that we don’t have a strong privacy regulator. We have a good privacy regulator…but we are giving them teeth without muscles.”
