Andy Penn Hands Down Cyber Security Industry Advisory Committee 2021 Annual Report


Staff Writer

The Chairperson of Australia’s Cyber Security Industry Advisory Committee, Andy Penn, says Australia is building solid cybersecurity capabilities. But he also warns the country needs to stay the course, investing money and resources along the way.

In a speech to the National Press Club on Thursday, marking the first Cyber Security Industry Advisory Committee annual report, the Chairperson and Telstra CEO said more abundant and better-resourced cybercriminals, cyber activists, and increasingly emboldened nation-states have Australia under constant cyber-attack. Mr Penn says Australia’s cyber defences need to be strong.

“Defences have to be strong, adaptive, and built around a framework that is coordinated, integrated and highly capable.”

The Cyber Security Industry Advisory Committee advises the Federal Government on cybersecurity issues. The committee is one cog in the $1.67 billion Federal Government investment to protect Australia from cybersecurity threats via its 2020 Cyber Security Strategy.

“The Australian Cyber Security Centre receives a cybercrime report every 10 minutes. Some 62% of small businesses have reported a cybersecurity incident. The World Economic Forum predicts cybercrime could cost the global economy US$6 trillion in 2021,” Andy Penn says.

“If a cyberattack takes down the electricity grid, it impacts telecommunications, it impacts finance and banking, it stops trains, it stops traffic lights and logistics come to a halt.”

Mr Penn’s wide-ranging talk covered several cybersecurity issues. Providing an update on the current threat landscape, the Telstra boss highlighted the growing threats of ransomware and ransomware as a service. He says anyone with access to the dark web can join a ransomware affiliate program, leasing ransomware in return for a profit split.

Secondly, Andy Penn described progress on key cybersecurity initiatives. He praised the Federal Government’s leadership. Mr Penn cites the 2020 Security Legislation Amendment Act as an example, saying it will see minimum cybersecurity standards applied to operators of important assets.

“For most mature organisations, these baselines will not be anything new. However, the reforms will seek to ensure that all relevant sectors have appropriate cybersecurity programs in place.”

Mr Penn also provided a view on where Australia should go next in its fight against cybercriminals. He noted the extra cybersecurity-focused resources poured into law enforcement agencies and argues this should continue. Andy Penn says Australia also needs to keep building its cybersecurity and IT skills via targeted programs and appropriate funding.

“If you get the basics of security right, you become harder to target, and eventually, the attackers will shift their attention elsewhere.”

Roger Carvosso, Strategy Director at FirstWave Cloud Technology, says Andrew Penn’s comments could not be more relevant. He says the cyberattack rate is increasing.

“Stark changes in societal and economic circumstances, such as the current lockdowns and tightening restrictions, are common lures for bad actors,” Mr Carvosso said.

“We echo the annual report’s call for businesses to increase their vigilance against cybercrime before it’s too late and for the government to do its utmost to equip small businesses with the tools and knowledge to know how they can counteract cybercrime before and when it happens.“