Cyber security should be addressed with small companies first, experts say


Experts in cyber security are concerned that a lack of security in smaller companies and start-ups creates room for attacks.

The concern comes from IT industry experts who are pushing for companies to pay more attention to securing their infrastructure.

Giovanni Polizzi, energy solutions manager at technology company Indra, said new companies were using insufficient security systems.

“A lot of start-ups, in Australia especially, are using devices, which are connected into these energy resources, which have absolutely not undergone any kind of cyber security survey or assessment,” he said.

In the retail market, companies offering cyber security had to lower their prices for businesses to buy security systems, said Polizzi.

“Companies buy electric boards from the Chinese market, which are often open design, so very easy to duplicate – there’s no security,” he said.

There were concerns the network could be destabilised due to poor systems, said Polizzi.

“Are we worried about the security of this device that people can almost buy at the supermarkets and that can be controlled by cloud solutions or by other kind of centralised solutions?”

Indra was looking to find a best practice solution along with Monash University, he said.

But in the meantime, companies are buying low-quality security, despite cyber security being at the top of their minds.

Ivan Fernandez, industry director at analyst firm Frost and Sullivan, said the firm did a global survey of key IT decision makers in the energy space, which asked companies what their top challenges were.

“The number one challenge from them, was not about aligning IT with the business or systems integration or compliance. It was simply security. In terms of security their concerns were around espionage, cyber warfare, malware, cloud [and] IoT,” said Fernandez.

“The challenge we found with quite a few of those conversations with a lot of these entities was that they did not have understanding and expertise in-house on matters of cyber security,” he said.

It was almost as though companies were asking for the solution, said Fernandez.

One solution found by Phil Kernick, chief technology officer at CQR Consulting, was getting the Australian government involved to support small to mid-sized companies with their security.

“The government needs to help the mid-part of the market, even the low end of the market. They get a little bit better, everyone wins. It’s an ongoing skirmish between the good guys and the bad guys. What we have to do is increase the cost to the attacker. Eventually, the cost of attack isn’t worth the return on the attack,” said Kernick.

“This is how it works with humans. There’s humans doing the attacking, it’s not AI machine-learning doing the attacking. What we can do is raise the cost,” he said.

The cost needed to be raised from the bottom to make it harder for people to get in through the supply chain, said Kernick.

“I don’t think the Government needs to support the top end of the market. The top of the market is profitable enough, it has enough corporate governance,” he said.

The government needed to enforce it at the top end of the market, but actively help with the mid-low end of the market, said Kernick.

The Australian government has a cyber security centre, which brings together cyber security capabilities from across the Australian government to improve the cyber resilience of the Australian community and support the economic and social prosperity of Australia in the digital age.

It drives cyber resilience across the whole of the economy, including critical infrastructure and systems of national interest, federal, state and local governments, small and medium businesses, academia, the not-for-profit sector and the Australian community.

The centre collaborates with the private and public sector to share information on threats and increase resilience, as cyber intrusions on Australian networks become an ever-increasing threat.