The following table gives a quick overview of the 6 Cyber Shields; however, I do encourage you to read the full content: https://www.homeaffairs.gov.au/about-us/our-portfolios/cyber-security/strategy/2023-2030-australian-cyber-security-strategy

| Shield | Key Actions | Additional Suggestions for Implementation |
|---|---|---|
| Strong businesses and citizens | 1. Support SMEs in cyber security. | Develop interactive online platforms for cyber education tailored to SME needs. |
| | 2. Help Australians defend against cyber threats. | Launch nationwide cyber awareness campaigns in schools and workplaces. |
| | 3. Disrupt cyber threat actors. | Establish dedicated cybercrime task forces. |
| | 4. Break ransomware business model. | Promote widespread use of ransomware incident reporting tools. |
| | 5. Provide clear cyber guidance. | Regularly update and distribute cyber best practices guidelines. |
| | 6. Simplify incident reporting. | Create a centralized, user-friendly cyber incident reporting system. |
| | 7. Support identity theft victims. | Strengthen and publicise support services for identity theft victims. |
| Safe technology | 8. Ensure trust in digital products/software. | Implement a certification program for digital products meeting cyber security standards. |
| | 9. Protect valuable datasets. | Regularly review and update data protection protocols for crucial datasets. |
| | 10. Promote safe AI use. | Introduce ethical guidelines and review mechanisms for AI development. |
| World-class threat sharing and blocking | 11. Create threat intelligence network. | Foster public-private partnerships for threat intelligence sharing. |
| | 12. Scale threat blocking capabilities. | Develop real-time threat detection and blocking systems, with regular updates and improvements. |
| Protected critical infrastructure | 13. Clarify critical infrastructure regulation. | Streamline and standardize regulatory frameworks across sectors. |
| | 14. Strengthen compliance for critical infrastructure. | Implement regular compliance audits and mandatory training programs. |
| | 15. Uplift government cyber security. | Enhance cyber security measures within government agencies. |
| | 16. Identify infrastructure vulnerabilities. | Conduct regular, comprehensive infrastructure vulnerability assessments. |
| Sovereign capabilities | 17. Professionalize national cyber workforce. | Create specialized cyber security education and training programs. |
| | 18. Boost cyber industry research/innovation. | Establish grants and incentives for cyber security research and start-up innovation. |
| Resilient region and global leadership | 19. Support regional cyber resilience. | Collaborate with neighboring countries on joint cyber resilience initiatives. |
| | 20. Shape international cyber norms. | Actively participate in global forums to influence cyber security standards and policies. |

The Australian government’s commitment of 600 million AUD to its cyber security initiative is a big step, like buying a top-of-the-line security system for your home. However, the big question remains: will this hefty investment actually stop cyber breaches, or is it just like installing a fancy lock on a door made of cardboard?

Take ransomware, for instance. In 2023, 84 Australian organisations have already been named in attacks, with most of their data leaked, but we have forgotten them and businesses have moved on. That’s a steeper climb than my attempt at yoga, which failed miserably! Compared to 2022, this graph is shooting up faster.

Now, let’s talk about due diligence. It’s like realizing you’ve got a broken window at home. Sure, you could wait for the neighborhood watch to come around and tell you to fix it, but by then, your cat’s already hosting a party for the local raccoon gang. DP World’s recent incident of not patching the Citrix vulnerability is like forgetting to fix that window. You can’t just slap a “Beware of the Dog” sign and hope for the best.

Organisations need to shift from a “convenience-compliance” mentality to a “threats-risks-security” mindset. It’s like deciding between using duct tape to fix that broken window or actually getting a new pane of glass. Sure, duct tape is convenient and complies with the “technically, it’s covered” standard, but it won’t stop those cockroaches (read: threat actors) from waltzing in.

To sum it up: throwing money at the problem is great, but it’s like buying gym equipment and never using it. Organisations need to actually start lifting those cyber security weights themselves. Otherwise, we’ll just see more buff raccoons (threat actors) and fewer secure homes (businesses). It’s time to replace that duct tape with real solutions, folks!

Reach out for more discussion!
