Cyber security requires ‘eternal vigilance’ says Tudehope
By Leon Gettler, Talking Business
BUSINESSES and government agencies are now taking cyber security more seriously. The big change has been since the Federal government brought in minimum standards.
David Tudehope, the founder and CEO of Macquarie Telecom, compared it with fire insurance.
“There was a period when there were no standards on what was acceptable by way of fire prevention and fire response and it was very difficult for businesses to know how to protect their buildings,” Mr Tudehope told Talking Business.
“And 100 years ago, they brought in minimum standards for buildings and I think in terms of fire protection and sprinkler systems and water hoses and fire hydrants, and the things we take for granted weren’t part of that,” he said.
“It’s similar to cyber security. When you have minimum standards, it does prevent and reduce the impact.
“There is a value, in having minimum standards for cyber security in critical industries of course, the ones that are most important to the economy and also in other sectors as well.”
GOVERNMENT MUST HELP
Mr Tudehope said these types of preparations require government involvement.
“It’s not about red tape. It’s about protecting the economy, individuals and businesses’ data,” he said.
Mr Tudehope said compromised information can be restored by storing the information and data in a separate place from the primary, in a cloud that’s separate from the primary cloud, and in a separate location.
He said combatting cyber threats requires good preparation, talented people and eternal vigilance.
He compared it with the way some people treat “a mousetrap to get rid of mice, instead of being vigilant”.
“The issue is, you need to constantly tune your placement of the mouse-traps, the cheese you use, you have to take away the dead mice,” Mr Tudehope said. “No healthy mouse is going to walk into the same trap with dead mice sitting in it.
“That eternal vigilance, as the Americans would say, the block and tackling, is key to success, rather than the initial purchase and initial deployment which is where the money and the energy goes.
“It means constantly doing the things you did initially over and over again. Putting in fresh cheese, taking out the old cheese, moving the mouse-trap to a different location. These are the things that are key and what that translates to, back in the world of cyber security, is the criticality of security operations.
“Assuming you buy a quality industrial strength firewall and other kinds of cyber security software, and you install it correctly, the action is at the ongoing management of the security operations.”
NEED CYBER SECURITY ON STAFF
Mr Tudehope said this kind of cyber vigilance required having cyber security on staff.
“The problem now is that there is a shortage of this sort of expertise as these experts were always looking out for career paths and challenges,” Mr Tudehope said. “It is very difficult to retain this sort of expertise on staff. With more companies investing in cyber security teams, only a modest number of people are entering the industry.”
Training people into doing this sort of work takes time, he said.
“The key in the absence of that is for people to work out for their business what their priorities are, whether they can do it themselves, or whether they should use a managed security provider,” Mr Tudehope said.
“It is also very important to vet the people you have working for your business to make sure they are who you think they are.”
Hear the complete interview and catch up with other topical business news on Leon Gettler’s Talking Business podcast, released every Friday at www.acast.com/talkingbusiness.