
EDITOR'S DESK - Australian Cyber Security Magazine, ISSUE 12, 2022

Editor's Desk

"This investment in ASD (Australian Signals Directorate) recognises the deteriorating strategic circumstances in our region, characterised by rapid military expansion, growing coercive behaviour and increased cyber-attacks. It acknowledges the nature of conflict has changed, with cyber-attacks now commonly preceding other forms of military intervention – most recently demonstrated by offensive cyber activity against Ukraine" - Australian Defence Minister Peter Dutton, 29 March 2022.

The latest Federal Budget had technology and cybersecurity on the main stage with a broad range of policies and strategies, including the release of the Digital Economy Strategy 2022 Update which supports progress to become a top 10 digital economy by 2030.

In addition to 120 per cent business tax concessions for cybersecurity, the Government announced REDSPICE. Nothing like a good acronym - Resilience, Effects, Defence, Space, Intelligence, Cyber and Enablers, or ‘REDSPICE’, is the government’s response to increasing threats of global cyberattacks, and is the nation’s largest investment in cybersecurity to date. REDSPICE is funded to substantially increase the ASD’s offensive cyber capabilities and its ability to detect and respond to cyber-attacks, introduce new intelligence capabilities and support approximately 1,900 new ASD jobs throughout the coming decade. Indeed, government sectors will be competing against each other to build a skilled cyber workforce from a limited talent pool. An example is the Joint Policing Cybercrime Coordination Centre (or the ‘JPC3’), based in the AFP’s NSW Headquarters, which has just been established with $89 million in funding allocated in the Cyber Security Strategy.

With government efforts to lift their cyber capabilities ramping up, the greatest challenge remains meeting the skills demand for the sector – and it’s a worldwide concern. Interestingly, as a side note, with such a sustained demand on skills, as well as a demanding threat landscape, the issue of mental health and stress management for the existing workforce has also arisen.

According to ISACA’s latest global report, State of Cybersecurity 2022: Global Update on Workforce Efforts, Resources and Cyberoperations, organisations are continuing to struggle with hiring and retaining qualified cybersecurity professionals and managing skills gaps. Sixty-six percent report that their cybersecurity teams are understaffed. Almost 50 percent say it takes three to six months to find qualified cybersecurity candidates for open positions. The top factors hiring managers use to determine whether a candidate is qualified are prior hands-on cybersecurity experience (67 percent), a recommendation from a previous employer (32 percent), and credentials (20 percent).

Likewise, Amazon Web Services released a research study ‘Unlocking APAC’s Digital Potential: Changing Digital Skill Needs and Policy Approaches’, which found Australia needs an additional 6.5 million newly skilled and reskilled digital workers by 2025 – 79 percent more than we have today.

The skills challenge has been and will continue to be with us for some time. Government and industry will be competing for a limited resource, and the global demand may make attracting offshore skills harder than other sectors may experience. They’re at least being creative and proactive. A good example is the Co-Lab Honours grant, opened by the ASD and the Australian National University (ANU), which will bring together ANU academics and ASD’s analysts and technologists to collaborate on research projects and STEM career pathways for students.

In this edition, Kenneth Yu of Tesserent highlights the importance of investing in first responder training to enable your cybersecurity or IT team to better respond when an incident inevitably occurs. Skilled incident responders will know how to use tools that can take disk images, memory dumps and other data that can help. This is the equivalent of a digital autopsy, dissecting what happened to learn the cause and prevent a recurrence.

In his continued contribution, Vinoth Venkatesan provides some optimism for the Confidential Computing landscape and how this domain continues to evolve quickly. Confidential computing guards data in use by performing the computation in a hardware-based Trusted Execution Environment. These isolated and secure environments prevent unauthorised access or modification of applications and data while in use, thus increasing the security level of organisations that manage sensitive and regulated data.

Our cover feature on digital transformation (DX) comes from a panel session with IDC and regional insights for the Asia Pacific. Although the COVID pandemic sped up many DX plans, many of those plans were already in place before the pandemic hit. Nikhil Batra, Associate Research Director with IDC, notes, “There was a new approach to resiliency, where you are not just addressing business challenges but learning to respond rapidly to extreme changes in the external environment.” Digital transformation, he believes, has now evolved into digital resiliency and helping organisations achieve the stature of a future enterprise. Those that have achieved resiliency have treated this pandemic as not just a challenge but also as an opportunity to leapfrog some of their competition.

We also include some of the more notable ‘Movers and Shakers’ and provide event takeaways from the inaugural Cyber Risk Meetup in Adelaide, and Jane Lo provides her highlights from Singapore’s SheLeadsTech event with ISACA. We continue to take a deep dive into the cybersecurity domain and corporate risk management, and throughout we have links to our Tech & Sec Weekly Series and the latest Cyber Security Weekly podcasts.

On that note, as always, there is so much more to touch on and we trust you will enjoy this edition of Australian Cyber Security Magazine. Enjoy the reading, listening and viewing!

Chris Cubbage CPP, CISA, GAICD
Executive Editor