• Free Daily Newsletter
  • Get Premium
  • Small Logo
  • About
  • Partner Pages
  • Support & FAQs
  • Log in

The Mandarin

The Mandarin
The Mandarin
  • Small Logo
  • Premium
  • Careers
    • Search SES Jobs
    • Career Advice
  • News
  • Editors' Picks
  • Portfolios
  • Events
  • Resource library
  • Small Logo
  • Premium
  • Careers
    • Search SES Jobs
    • Career Advice
  • News
  • Editors' Picks
  • Portfolios
  • Events
  • Resource library
Home Features The biggest bang for your cybersecurity buck: key questions

The biggest bang for your cybersecurity buck: key questions

By The Mandarin

Wednesday December 16, 2015

Cybersecurity is just another form of risk to manage at a business and government agency level. And cyber awareness is growing.

But cyber maturity levels within companies and agencies, including spending on security products and services, varies significantly between agencies, companies and countries. Getting the most from your cybersecurity spending and strategy requires asking some key questions.

“There are three phases of cybersecurity maturity among government agencies and businesses,” said John Ellis, chief strategist of cybersecurity for Akamai, a global leader in content delivery and internet network services. “There’s the ‘panic scramble’, the ‘pit of despair’ and then there’s the approach that adopts a security framework as a core enabler.”

Ellis’ customer scope centres on Asia-Pacific and Japan. He was in Australia recently to address a gathering of Australian government agency leaders at a private breakfast meeting in Canberra (his full presentation can be viewed above).

“If you want the ability to deliver services regardless of disruptive events, it starts with asking some tough questions.”

With the recent cyber attack on the Bureau of Meteorology, many agency leaders should be asking which phase best describes their current cyber security status. The BoM hit, attributed to Chinese attackers, was a jolt to a sector that, until now, has been relatively immune from large-scale attacks like those experienced by the US government’s Office of Personnel Management.

The BoM breach, reported to cost “millions of dollars” to fix, is more problematic because the BoM’s systems and the data go beyond any simple definition of a “straight weather service”. The bureau’s chief executive, Robert Vertessy, describes BoM as a “broad-based environmental intelligence agency”. Its systems feed into many other government departments, including the Department of Defence.

Such is the nature of the increasing risk associated with cyber attacks. Both the number and type of those attacks increases exponentially as governments, like businesses, are becoming ever more reliant on the internet and mobile access to better service a broad range of constituents and stakeholders.

The internet was built for connectivity, not security. And as governments and businesses continue to embrace the digital era, so too have hackers — either state-sponsored or highly organised private actors — seeking to steal trade secrets and disrupt key services.

Each agency CEO is responsible for their data security and the typical approach has been to build in layers of security (antivirus programs to firewalls) to new and legacy systems. This adds cost and management complexity.

“Security is an all-of-agency exercise, but there is no common whole-of-government security architecture and spending varies between countries and industries,” said Ellis.

He says, on average, agencies spend about 2% of their total IT budget on security, far lower than the 8% mandated by the security-conscious Israeli government or the 10% mandated by Singapore. Tier one banks, by contrast, spend some 15% of their total IT budgets on cybersecurity.

2015-12-16_14-22-34Akamai’s business is about making the internet a reliable high-performance network for governments and businesses. Its global network, which has evolved in scale and sophistication since the birth of the commercial internet, carries around 30% of global web traffic each day — some 2 trillion transactions. The sheer scale of this produces massive amounts of data on many metrics related to broadband connectivity, mobile access, cloud security and media delivery. Its latest State of the Internet security report for the third quarter was released recently.

“With the media announcing some form of a breach almost every day, news about cyber attacks is at risk of becoming white noise,” said Ellis. “The frequency of these security incidents can tempt many government agencies and businesses to put the breaks on cloud adoption and, in some cases, the use of shared services is frowned upon. This creates a significant disadvantage for those organisations.”

As the BoM attack makes painfully clear, agency leaders are having to come to terms with a risk they have little real ability to quantify and equally are unable to reason through an appropriate mitigation strategy. According to Ellis, agency leaders and CIOs need to take a far more holistic view and see security as a business issue rather than a narrow technical problem.

“The best approach is to work toward building ‘resilience’,” he said, referring to the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions through a combination of technologies and clear management practices.

“If you want the ability to deliver services regardless of disruptive events, it starts with asking some tough questions. Are our security investments aligned with protecting what is important? How do we know our security investments are improving our security posture? How ready are we to respond to cybersecurity attacks (with minimal or no service disruption)?”

About the author
The Mandarin

By The Mandarin

The Mandarin staff journalists.

People: John Ellis

Companies: Akamai

Partners: Akamai

Tags: Akamai cybersecurity Digital digital government e-government John Ellis

Login
Please login to comment
1 Comment
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
jim80
jim80
6 years ago

Great presentation John Ellis, very compelling.

0
The Mandarin Premium

Canberra’s changed

Stay on top for only $5 a week

 

Get Premium Today

Already a subscriber? Login

By The Mandarin

Wednesday December 16, 2015
The Mandarin
Text size: A A A

Upcoming Events

01
Apr
Postgraduate studies in regulation and governance at ANU RegNet
14
Jul
Building Visibility + Influence for Women in the Public Sector – MASTERCLASS
03
Aug
Playing Bigger: Uplevelling Influence + Impact for Public Sector Leaders – ONLINE PROGRAM
15
Aug
CILT International Diploma in Logistics and Transport (Public-Sector)
21
Jun
Humanify HR Consulting – HR Leadership in Practice (HRLP)
View Calendar

Partner Content

Whitepaper: Data management during a machinery of government change

Whitepaper: Data management during a machinery of government change

The future of regulation: technology adoption
Promoted

The future of regulation: technology adoption

Whitepaper: Achieving patient centricity through data-driven care

Whitepaper: Achieving patient centricity through data-driven care

Latest Jobs


  • Head of Programs

    Cranlana Centre for Ethical Leadership at Monash University

    • VIC CBD
    Closing date 22nd July, 2022
    3 days ago Full Time - Fixed Term
  • General Manager Decision Support Services

    Bureau of Meteorology

    • National
    Closing date 10th July, 2022
    4 days ago Full Time - Ongoing
  • Multiple Directors - Engagement, Partnerships and Communications

    Department of Customer Service

    • NSW CBD, Regional
    Closing date 1st June, 2022
    1 month ago Full Time - Fixed Term
  • Executive Director Corporate Services - Canberra, Melbourne or Sydney

    Australian Commission for Law Enforcement Integrity

    • VIC CBD
    Closing date 3rd July, 2022
    6 days ago Full Time - Ongoing
  • Executive Director Corporate Services - Canberra, Melbourne or Sydney

    Australian Commission for Law Enforcement Integrity

    • ACT CBD, Regional
    Closing date 3rd July, 2022
    6 days ago Full Time - Ongoing
  • Executive Director Corporate Services - Canberra, Melbourne or Sydney

    Australian Commission for Law Enforcement Integrity

    • NSW
    Closing date 3rd July, 2022
    6 days ago Full Time - Ongoing
Search All Jobs

Login

Get Premium now. Not ready? Get the free Daily newsletter.

Forgot password?

Share via email

Access your 3 free Mandarin Premium articles

As part of your free trial you will receive 'The Juice', The Mandarin's daily free newsletter, the 'Premium wrap' every Saturday and marketing emails. You can opt out at any time.
Content
  • Small Logo
  • News
  • Research Series
  • Features
  • Portfolios
  • Jurisdictions
  • New Zealand
  • People & Capability
  • Thought Leadership
  • Editors' Picks
  • Resource Library
  • Site Map
Products & Services
  • Small Logo
  • The Juice Newsletter
  • Partner & Advertising solutions
  • Mandarin Live
  • Public Sector Events Calendar
  • Partner Content
  • Premium
  • Careers
Legal
  • Small Logo
  • Privacy Policy
  • Terms of Usage
  • Code of Conduct
Connect
  • Small Logo
  • About Us
  • Contact Us
  • Support
  • Our Team
Social
Copyright © The Mandarin
Private Media logo CRIKEY SMARTCOMPANY
wpDiscuz