CISO Lens

Information Services

North Sydney, NSW 2,665 followers

Peer driven research, information sharing, analysis and coordination.

About us

We collaborate. Peer driven research, information sharing, analysis and coordination.

CISO Lens is the premier information sharing and analysis community for cyber security executives from the largest organisations in Australia and New Zealand. Our mission is to support the cyber resilience of Australia and New Zealand. We work toward this mission through:

* Peer networking,
* Structured collaboration,
* Information sharing,
* Community coordination and analysis, and
* Benchmarking.

A key driver for the creation of CISO Lens was the recognition that cyber risk is a business issue that can be most effectively addressed through collaboration across organisations and industries. The services, set out above and in addition to the normal services of an ISAC, enable evidence-based decision making around strategy and resource allocation. The goal is to support governance and informed decision making, resulting in a commensurate and timely response to cyber risks.

Part of the challenge in presenting a commensurate response to online risks in a hyper-connected world is the need for continual evolution. While all organisations must manage the risks that come hand in hand with being online, very large organisations face additional complexities. So, CISO Lens is designed for very large ASX/NZX companies, critical infrastructure providers, and large government departments. These organisations have the largest numbers of staff, the most complex environments, and support millions of customers and citizens.

We have a contact form on our website if you have an enquiry. Please note, if you are enquiring about potential membership you must be referred by someone in the CISO Lens community, which includes our alumni network.

CISO Lens was founded in January 2015.

Industry: Information Services
Company size: 2-10 employees
Headquarters: North Sydney, NSW
Type: Privately Held
Founded: 2015
Specialties: Benchmarking, Research, Collaboration, Peer networking, Advocacy

Updates

  • CISO Lens reposted this

    David Cullen

    National Cyber Advocacy and Uplift - CISO Lens

    My takeaways from this week’s The Australian Financial Review Cyber Summit…

    🤝 Public-private partnerships are key to protecting Australian businesses and the communities they serve from cyber-attacks and the harm they cause. We’ve seen a real step-change in government openness and collaboration with industry over recent years, and I’m eager to see this continue into the future.

    💨 We must collaborate and share insights at speed and scale, across both government and private industry, to support a national immune response to cyber threats. Cyber security is a shared problem that is best solved when we work together.

    💰 Money is too tight to mention. Although some security budgets are increasing, most organisations are seeing their cyber budgets flatline. Vendors who push heavy price hikes will see clients walk away. Loyalty has its limits.

    A special shout out to Nicola Nicol, Tim Daly and Andrew Haddad for a great panel discussion. CISO Lens

  • CISO Lens

    Wonderful roundtable workshop in Melbourne yesterday facilitated by David Cullen. Among the topics of the day was a discussion on the impact of the CrowdStrike incident and lessons learnt. Interestingly, while CrowdStrike has only 15% of global market share, and 25% of the market in Australia, half our members are CrowdStrike customers. This is because our members are most of the largest enterprises across Australia and New Zealand (e.g. ~54% of the total market cap of the ASX200), and are the organisations that have sufficient resources to have a CISO - and this is not typical for most A/NZ organisations. CrowdStrike has traditionally been an enterprise solution and has an enviable track record. CrowdStrike has consistently ranked highly across our benchmarks where our members have said that it is one of the top vendors to do what it says it does, and has saved their bacon on numerous occasions. The enterprise market needs CrowdStrike to thrive and plow more into R&D, but also to never let this (or similar) incident happen again. So the key question is: how does the free market ensure that all software and SaaS vendors take the lesson from this incident: that they are global Critical Infrastructure and much more is expected of them? A common suggestion from our members is that CrowdStrike should not look for uplift at renewal time. Which links to another of the topics from the roundtable that, on average, CISO security budgets are only increasing by 5% while most vendors are lifting their subscriptions by a minimum of 10% and some as high as 40%. This is an untenable situation and is showing the vendors are not facing current economic realities. #securityleadership

    For CrowdStrike market share, see "Why investors see an opportunity in CrowdStrike shares", The Australian Financial Review, 23 July 2024. https://lnkd.in/gd9FRx4Z

  • CISO Lens reposted this

    CISO Lens

    When an organisation experiences a cyber incident, a common response by their enterprise customers is to sever connections to reduce the risk of lateral movement. Disconnecting digital connections, including blocking or quarantining emails from the victim organisation's domain, can have serious business workflow consequences to the customer organisations so it is never done lightly. We’ve seen this scenario - threat actors moving from supplier to customer - play out many times, and disconnecting is widely viewed as a prudent first step while everyone works out what's happened, and what's still happening. What often follows disconnection is the victim organisation then being bombarded with hundreds of questions from its enterprise customers, who are seeking assurances that reconnecting is safe so they can resume business processes. They want to reconnect, but they also want to know they will be safe.  As the trend of supply chain breaches continues, we think it’s important to help both victim organisations and their customers simplify the assurance process and know when it’s safe to reconnect. The CISO Lens community has generated these eight core questions they ask of their suppliers after an incident. #securityleadership https://lnkd.in/g2PvnTrj

    Reconnecting

    cisolens.com

  • CISO Lens reposted this

    David Cullen

    National Cyber Advocacy and Uplift - CISO Lens

    This week I spoke with the wonderful June Ramli about the key topics being discussed by the CISO Lens community. We talked about boards, budgets, burnout, basic controls and the need for government and industry to work together to prepare Australia to respond to major cyber-attacks. You can read the article here 👇

  • CISO Lens reposted this

    ICYMI Security2Cure is on again this year; it's a combination of genuine security legends presenting on deep topics of interest to our community, as well as discussions around cancer; living with it, returning to work, and how cancer has affected the lives of security professionals.

    * 9th August in Brisbane
    * 23rd August in Sydney

    Security2Cure is a Suncorp Bank initiative. #securityleadership https://lnkd.in/gK46Rw2N

    Home | Security2Cure 2024

    security2cure.com.au

  • CISO Lens

    The four tiers of cyber governance. One of our members came up with this model and it resonated strongly with our community. The four tiers of cyber governance are: The basic tier, or tier one, is when the security team gets it.  Tier two is when the security team *and* their accountable executive get it.  Tier three is when the board also gets it. But the fourth tier is when all the non-accountable executives also get it. It’s only at that fourth tier that security, genuinely, becomes everyone’s responsibility. One of the biggest factors CISO Lens members see undermining an organisation's security capability is: risk acceptance by mid-level managers who have KPIs that are not aligned with good security, privacy, and data governance practices. When you've got them by the bonus, their hearts and minds will follow.

  • CISO Lens reposted this

    David Cullen

    National Cyber Advocacy and Uplift - CISO Lens

    Through Project Robust, we are capturing feedback from the private sector on opportunities to improve Australia’s national cyber incident management arrangements. Our conversations showcase the genuine interest and desire from the private sector to come together, across companies and industries, and with the government to:

    * Share insights and intelligence
    * Build shared situational awareness
    * Help each other respond to major incidents, and
    * Minimise harm to the communities we serve.

    This work will continue over the coming months as we further explore the private sector's expectations for government and industry collaboration before, during, and after major cyber incidents in Australia. We share the government’s vision of making Australia the most cyber-secure nation by 2030. Part of that means ensuring we have a truly national approach to handling major cyber incidents. #ProjectRobust CISO Lens
