
A STRATEGIC VIEW OF THE RAPIDLY CHANGING BATTLEFIELD
Written by Mick Lehmann and Ross Wehby
There is a military adage that also rings true for cyber security. A leader is always asking themselves: “What now? What next? What if?”
As the impacts of the Optus breach ripple out through the community, we’re reminded of that wisdom … and of the warning from the Government’s last Cyber Threat Report that Australia faces “an unprecedented threat to (our) economic, political and security interests”.
Regardless of the nature of the Optus breach, there’s a lingering question: if this can happen to one of our largest telecommunication companies then who else is vulnerable? As the interrelationships between hardware, software, IT, OT, data, ML and people become more complex, the answer is likely to be shades of ‘everyone’.
For those whose information has been stolen, there’s uncertainty and fear over what might be done with their stolen data, and, for any company which touches Personally Identifiable Information, there are lessons to be learned from those three simple questions.
What are those lessons?
What Now?
First, the cyber threat facing Australia is aggressive, pervasive, and industrial in scale. To complicate things, cyber threats are holistic threats, with people central to both the threat AND the solution. Today’s cyber threats need an all-hazards approach to address them.
Second, the attack methods and tools being used range from ‘basic and noisy’ to ‘sophisticated and clandestine’. For example, unpatched vulnerabilities or configuration issues like unauthenticated API endpoints are a veritable gold mine to would-be attackers, and their identification and treatment need to be an integral part of an organisation’s cyber hygiene.
While the solution will vary from organisation to organisation, it’s hard to see how holistic protection does not include zero trust architecture, advanced identity and access management capability, and a truly modern SIEM, including Risk Based Alerting and automated responses. But cyber hygiene isn’t just about tools and specialists, it’s about ensuring that everyone in an organisation – its human ‘firewall’ – is trained, aware, and always engaged.
Third, a hack is (almost always) the means and not the end itself. Organisations must know what their cyber security is protecting and what its ‘crown jewels’ are. Usually, this involves data in some way, shape or form. So, cyber security must be able to see where data is moving, particularly if it is moving outside the perimeter, regardless of whether data moves as a flood or dribbles out. More broadly, an organisation’s ICT ecosystem must know its operational patterns and, in as near to real-time as possible, identify and investigate any outliers to those patterns.
Finally, we’d argue that cybersecurity must be an ongoing Board-level agenda item. For anyone playing in Australia’s 11 new critical infrastructure sectors, this is a legislated requirement – although there’s breathing room until Minister O’Neil triggers the SOCI 2018 Act’s new requirements for a Risk Management Program. For everyone else, the increasing media coverage of breaches, and the Government's commentary on them should be more than enough incentive to treat cyber security as an essential part of their brand and their future.
What Now to What Next and peering into What If?
Cybersecurity must be based on a constantly updated understanding of a business’s hardware, software, networks, data, and people. This understanding must be translated into a cohesive, risk-managed, and all-hazards plan, and – from there – into properly funded, integrated, and maintained capabilities run by sufficient, well-trained staff. While the role of the CISO is pivotal, cyber and data security needs the ongoing attention of senior business leaders, particularly to consider the investment decisions that may be needed to treat cyber security and data risks.
Whatever decisions are made, band-aids aren’t enough. This is where a company like the NEXTGEN GROUP can help facilitate, coordinate, and orchestrate the right technologies, vendors and partners that can develop a more modern and holistic solution to mitigate the ever-changing cyber threats. NEXTGEN works with organisations to treat cyber risk with innovative capabilities, including cybersecurity, network and data visibility/resiliency, and identity and access management. Our vendors and partners – often exclusively – provide a cohesive and complementary cyber security and data solutions suite. This ecosystem ensures a holistic, multi-layer approach, which both works with, and improves, existing technology stacks. For example, our best-of-breed, next-generation, cyber security vendors offer a tapestry of complementary technologies across three pillars: Zero Trust; the SOC Visibility Triad of SIEM, NDR, and EDR; and the emergence of XDR and real-time Observability.
Looking at the What If? NEXTGEN focuses on vendors that have, or are developing, the next generation of cyber and data resilience technologies. These improved and emerging solutions are needed to detect and defeat their evolving threat counterparts, defending and protecting organisations and the data they hold.
Meet the authors:

Ross Wehby, CSM
Head of Cyber and Data Resilience
Ross served for over 20 years in the Australian Defence Force and has a breadth of experience in strategic planning, leadership, and advisory expertise in the areas of national security, military and special operations, domestic counterterrorism, targeting electronic warfare, and threat intelligence across the operational spectrum.
Ross is a globally recognised subject matter expert in offensive capabilities and has provided high-level security policy guidance in complex international environments for Governments, NATO and the UN in Asia, North America, Europe, and the Middle East. His service was recognised with the award of a Conspicuous Service Medal in 2019.
Previously, Ross worked for CyberCX as a Principal Consultant developing cyber strategies, supporting incident response and facilitating cyber wargaming and cyber preparedness for ASX50 companies and government departments.

Mick Lehmann, CSC
General Manager Government
Mick served for over 30 years in the Australian Defence Force as an intelligence officer. He has three Master's degrees, is published on cyber security, is an active contributor to Australian policy issues, such as SOCI 2018 reforms, and was awarded a Conspicuous Service Cross related to Afghanistan.
Prior to joining the NEXTGEN Group, Mick has been the Australian cyber lead for two global companies and most recently worked for Splunk in the Defence and National Security.


NEXTGEN Group is the growth engine for enterprise technology companies looking to successfully investigate, launch and scale in APAC.
