As the digital space continues to grow and evolve, so does the risk of cyber attacks. New threats such as ransomware have left organisations scrambling, and many are left wondering just how can one successfully overcome such challenges within cyber security.
Public Spectrum has caught up with Simon Carabetta, Project Coordinator of ES2 and cyber security expert, for his insights regarding the constantly evolving cyber space.
Simon is a former public educator turned security advocate and awareness trainer. He has a passion for raising awareness for IT and System Security and loves speaking about the best ways that individuals and organisations can transform their online habits to build better resilience and minimise their risk.
In his spare time, Simon volunteers as a mentor and tutor for at-risk refugee children in Perth’s northern suburbs via the Achievers Club, a charity in Western Australia that helps to give students from low socio-economic backgrounds the opportunity to be the best they can be. His proudest accomplishments are his three young sons, with whom he spends time playing Nintendo Switch and hide and seek.
In this interview, he explains how organisations and people can navigate the constantly evolving cyber space.
How has Australia’s digital space been changing in the last few years and in what ways has it affected the cyber security sector?
That’s a good question and one that can’t comprehensively be answered here, but I can give some insight into the changes that have occurred within organisations.
Most people don’t know this, but I used to be a public high school teacher. Back in 2006 when I first started teaching, I barely used software that required connectivity. You could say that most of what we were doing in the office was “air-gapped”. In fact, not having access to the internet back then wasn’t the panic-inducing mother of chaos that you see in organisations today. Much of my lesson planning and teaching resources were paper, so if the printer was working, everything was fine.
What we’re seeing today in Australia is the result of at least half a decade of rapid digital transformation. Every tier of government has had some form of digital transformation, and the COVID-19 Pandemic has really accelerated that. However, rapid digitization of business processes, the move to cloud data storage, and a heavy reliance on connectivity, have increased the attack surface ten-fold.
What we’ve seen since March of 2020 is wave after wave of various forms of cyber attacks and vulnerability exploitation, the likes of which we haven’t experienced before. This brings me to the last part of that question, and that is the security sector has also grown out of pure awareness of digital risk and awareness of how cyber incidents can impact business continuity. The biggest issue is that the sector’s growth hasn’t been commensurate with the increase in threats.
With the country moving towards a more digital-driven society, what are the strategies that cyber security professionals can use to keep up with the new challenges they’re facing?
This reminds me of the film, Fight Club. Much like the first rule of Fight Club, being that there is no Fight Club, the first rule when the cyber security team speaks with the executive is that there is no Cyber Security. Instead of mentioning cyber risk and the security threats that exist, they should use real-world scenarios that could play out and how that will impact the organisation.
One very notable thing about the security sector is that professionals are continually refining their knowledge and skills. There is a genuine culture of life-long learning within the sector, and this is for people both within the technical and non-technical spheres of security. However, I really must say this: the onus is really on Governments and other industries to take a more proactive approach with their security strategy and policies.
When organisations talk about risk, cyber risk must be at the very top of the conversation and it cannot simply be lip service or a box-ticking exercise like it has been for the past few years. Adopting a culture of security and making that happen across an organisation is no small feat, but it is possible if executed the right way.
You mentioned in your recent Linkedin article that “everyone works and lives, breathes, eats, cyber security”, can you elaborate on that?
Yes, the context around that article and the point I made, was that there is no cyber security. Cyber is just the vector of attack. If criminals and state-based threat actors could get into government departments and organisations in an easier, quicker way, then they would.
The reason everyone lives and breathes security is that we’re all using digital platforms, and therefore we must be aware of the risks to ourselves, our families and the organisations we work for, or are connected with.
Not mentioning the cyber of cyber security is important, because it’s at that point where most people switch off, become fear-driven, or simply find the concept overwhelming. It’s a word that has developed negative connotations due to media associations and stereotyping, so it’s time that we ended the term altogether and replaced it simply with security and risk.
As cyber security continues to evolve alongside digital transformation, what is the best advice that you can give not only to organisations but also to individuals?
To organisations: Try your best to implement and drive an engaging, meaningful and educational security awareness program. Make it fun, make it rewarding, and most importantly, make it about people. When organisations attempt to educate people and try to raise awareness for important topics, they sometimes forget to make it relatable and talk about how it can impact them personally.
Take an Occupational Health and Safety approach to teaching security. In the 1970s and 80s, many organisations were trying their best to implement health and safety standards and it wasn’t long until they drove the message that it ‘starts at home’. We don’t have 30 or 40 years to get organizational security right, so we need to be careful with the message and think about how we can engage better.
For individuals: Don’t be scared. Try to read and learn as much as you can. There are lots of resources available online as well as a number of Australian-based podcasts that can help you to better understand security.
Talk with your kids about the apps and games they’re using on devices and hit up the Australian Cyber Security Centre website as well as the Office of the e-Safety Commissioner site which has a plethora of resources available.
Eliza is a content producer and editor at Public Spectrum. She is an experienced writer on topics related to the government and to the public, as well as stories that uplift and improve the community.
