

Maintaining ongoing cyber security within government organisations


Sometimes the biggest misconception in cybersecurity is to associate products and services with an ideal cybersecurity strategy, which creates a bulletproof level of confidence. However, most of Australia’s ASX 20 organisations, including the top four banking institutes, financial services, capital markets and of course the government sector, couldn’t be further from the truth.

Let’s take a look back over the last couple of years and months: recent hacks have compromised some really sensitive details such as payroll information, user personality tests, medical records, performance reviews, drivers’ licenses, personal addresses etc. As you can imagine, organisations at this tier spend millions on cyber prevention; however, they still get involved in an incredible amount of cybersecurity risk and breaches. Why?

Oftentimes people talk about ‘people’ being the weakest link in the cybersecurity chain. I disagree. People aren’t the weakest link if they are utilised correctly. “IT” people see users as liabilities; however, “IT” people do very little to empower, educate and create recurring moments where, if users see or feel something wrong is happening, they challenge the situation. In most cases attacks happen in less than 2 hours through a targeted attack on an individual. The attacker creates a level of pain, or associates a level of discomfort, where the user will likely want to know “more information”, and gets the user to do a certain action which essentially causes the breach.

Using and complying with ISO standards is a good starting point, but like anything else it needs more attention.

As part of a cybersecurity strategy, the number one tactic many organisations use is to ensure they are ISO compliant, making sure they are following the “frameworks and industry best practices to prevent attacks”; however, it doesn’t seem to do much. Having policies, documentation, standards and processes doesn’t mean anything. I’m here to give you the understanding that attacks are real and, guess what, organisations are doing exactly what each other are doing: they are following one another and are in a state of what I call “mob mentality”. Organisations should rather be in their own dedicated cyber security tier and develop specific strategies that align with their core business challenges.

Sometimes the best strategies and tactics for developing a winning cybersecurity strategy involve minimal and simple technology and no flashy lights.

About the author:

Andrew Constantine is the founder of Australia’s Largest Private Community of technology leaders specialising in preventing cyber security threats, with more than 3,000 private members. His vision is to improve traditional cyber security education by introducing the real world approach.
He is the author of the CIO Solution Book. This was followed by the launch of CIO Cyber Security, a private advisory firm designed to help fellow Technology Leaders raise more cyber security awareness to executive management by running simulated cyber security attacks and cyber warfare scenarios in a controlled environment.
Andrew is an advocate of giving back to the community and supports Bear Cottage, fundraising and supporting children with life-limiting conditions.
