
Australia summit puts spotlight on cyber intelligence and supply chain security

Transparency and collaboration were the two key themes to come out of Clyde & Co’s 2024 Cyber Summit, which was sponsored by FTI Consulting in Sydney. The event saw 37 speakers from government, regulators, and the private sector share their insights with around 1,000 attendees, projecting what lies ahead for Australia as it looks to become the most cyber-secure nation by 2030.

Government focuses on information sharing

Representatives from the Australian government agencies that have cybercrime and espionage within their purview, the Department of Home Affairs, Australian Signals Directorate and the Australian Federal Police, emphasised their priority to help organisations respond to cyber risks and attacks through transparency and collaboration. 

One key initiative is to improve ‘information sharing’ between industry and Government, to ensure they have full visibility of the cyber threats affecting our economy, and determine how best to respond and manage the associated risks. Information sharing is vital to enhancing cyber resilience – the ability to quickly and efficiently respond to and recover from a cyber incident – but only if the shared intel is actionable. An overload of information can become problematic if organisations must spend time and resources determining what is a tangible threat and what is just noise.

The Government is also exploring a mechanism for organisations to report ransomware incidents, including if they have paid a ransom. Far from playing the blame and shame game, authorities want to encourage openness and improve cyber intelligence, while discouraging the continued victimisation of companies who have already fallen victim to an attack.

Meanwhile, the Office of the Australian Information Commissioner (OAIC), Australia’s privacy regulator, emphasised the importance of having prevention strategies and response plans in place as a critical measure to reduce serious harm. Although not all organisations are mandated to notify the regulator of all data breaches (there are various thresholds for notifiable data breaches in Australia), the Privacy Commissioner highlighted her concern that unreported data breaches are seriously affecting supply chains.

Industry focuses on supply chain security

Panelists representing SMEs highlighted the importance of proactive cyber risk mitigation. They discussed the need to have a robust incident response plan, conduct regular reviews of security practices, and set clear expectations for third-party providers, particularly regarding data retention and disposal. 

Supply chain security was a key area of concern for many speakers at the conference. Threat actors are cunning and know that by targeting a single vendor, they can simultaneously impact multiple organisations and increase the likelihood of compromising entire supply chains. Third-party cyber risk is a unique challenge in that organisations are aware that it is an issue but are unsure of how to properly manage this threat. A survey of attendees at the Cyber Summit found that more than 60% were not confident in their ability to manage supply chain / third-party cyber risks.

Summit speakers agreed that Australia should consider mandating cyber insurance for organisations handling high-risk or large volumes of data, to ensure they have the financial capacity to respond to cyber incidents. Verifying the cybersecurity credentials of other organisations involved in the supply chain will continue to be an increased focus for Australian businesses.
