One weak (phishing) link, and an entire organisation could have the personal data in its virtual vaults spilled out over the Internet. Just a click on that email from “your bank” – even though it contained some funny spelling – and your savings could be wiped out.
This isn’t fear-mongering, it’s fact – and a reality of living in the digital era, says University of Canberra Associate Professor in Cyber Security Dr Abu Barkat Ullah.
“So much of what used to be face-to-face has now gone online, and working from home has skyrocketed as well,” Barkat says.
This is partly because of the COVID-19 pandemic – but we were always headed towards uber-connectivity, albeit perhaps at a slower pace.
“In this year alone, we have seen the Australian Parliament targeted by cyber attacks, as well as media organisations, the higher education sector, the aged care sector and even a food processing centre – and that is before we take into account individuals who have fallen prey to scams and ransomware,” he says.
“The coming years will no doubt bring more attacks, and from new and different areas. The more connected we are, the more careful we have to be.”
Barkat says it’s also important to remember that while cyber security is about protecting data and information security and networks, it’s also about safeguarding users from harmful content, such as child exploitation materials, and from predatory behaviour like cyberbullying and catfishing.
That’s an ugly flip side, but it’s important to keep sight of all the possibilities enabled by a connected world.
The freedom to pursue the opportunities, while navigating the risks, is a huge reason that cyber security is an issue everyone needs to care about – it shouldn’t just be left to the IT experts, while the rest of us open suspicious links in unsolicited emails with merry abandon.
“Individuals, organisations and nations are all connected – so the need for security begins at the level of the individual,” he says. “We then look at the security of organisations – which often deal with stakeholders’ important, sensitive data.
“And then, at a national level – for instance, when a country uses apps and websites for vaccination bookings, or for something like a digital vaccine passport, which needs to have safeguards in place against manipulation and duplication or fabrication.”
The coveted formula, says Barkat, involves security, confidentiality and integrity, built into any system, while also ensuring its accessibility and effectiveness.
“A vaccine passport could be used for more than travel – it could verify my vaccination status when I enter a shop, and link that to my photo for quick access,” he says. “So what I would look for in a vaccine passport is that it remains securely with me, is tamper-proof and verifiable if needed.”
With so much of the everyday now coloured by the need for cyber security, what was once seen as an IT issue has been revealed as a life issue. This is why UC’s Graduate Certificate in Cyber Security Management – of which Barkat is convenor – frames cyber security within a business management context.
“Every organisation is built on the triangular relationship of people, processes and technology, each having a role to play,” Barkat says.
“If we have cutting edge tech, but people don’t take responsibility for their actions or consider consequences, then that can impact the whole system – and it could be something as simple as having a weak password, or not changing it regularly, which actually leads to a majority of cyber security breaches.
“All organisations need a governance and risk management plan, but also cyber hygiene practices running regularly across it, at all levels.”
Barkat says that, as with so many other things, it’s the human factor that plays the most important part in keeping everyone safe.
“The Graduate Certificate in Cyber Security Management is designed to upskill grads to have critical knowledge of the cyber security ecosystem, to understand and analyse threats, create and manage responses and solutions – and crucially, to articulate cyber security issues for all, because as I said, it’s the human factor that is most important here.
“Ultimately, the grad cert equips grads to build cyber resilience into their organisations.”
Candidates in the Graduate Certificate in Cyber Security Management program can now also apply to the Australian Defence Force Cyber Gap Program, which is run in partnership with the Digital Transformation Agency,
Barkat says that the pace at which cyber security is evolving necessitates a hard and fast response, and a huge surge in professionals ready to face threats and neutralise them.
“Security risks go across sectors and criminals have quickly evolved to seize their own opportunities – even ransomware is now offered as a service,” he says.
“We’re moving towards a cloud system, which gives us much greater flexibility in terms of data storage – and brings with it another level of security risks.
“Infrastructure security is another aspect to consider, especially when it comes to networks like the Internet of Things, that connects your everyday digital devices like smart TVs, microwaves or healthcare devices.”
According to the Australian Cyber Security Growth Network (AustCyber), Australians spent $5.6 billion on cyber security – from both local and international providers – in 2020.
“AustCyber projects that by 2024, our cyber security expenditure will grow to $7.6 billion, due to the accelerated risk of a distributed work force. Globally, that number is predicted to be at least US$207 billion,” Barkat says. “There are so many possibilities to be seized in this industry, for those forward-thinking enough to recognise them.”
The power of one: cyber safe practices for individuals
- Make sure your computer and mobile phone are equipped with a good antivirus program, to weed out malware..
- If you’re working from home, you should only use your organisation’s VPN for access; if that isn’t possible, the organisation should provide clear policies and procedures to minimise risk.
- Update your operating system (OS) on all devices regularly – new updates often contain security patches for bugs and threats that have just been discovered.
- Don’t use free WiFi in public places, especially for any financial transactions or if you are working with sensitive information.
- Have strong passwords for all your accounts – incorporating a mix of letters, numbers and special characters – and change passwords every two to three months.
- Think twice before clicking on any link sent to you. If it’s an unexpected, unsolicited email or text message, don’t click on any links in it.
- Try to verify the sender of an email by hovering over the address hyperlink and considering if it looks legitimate.
- Understand how the organisations you deal with operate. The Australian Taxation Office (ATO) for instance, does send information via texts, but won’t include links within them.
To find out more about studying and working within the cyber security sphere in Canberra, check out the Cyber Skills Pathway event on Tuesday 26 October 2021, which is being held in conjunction with CyberWeek 2021 (25 to 29 October).
Barkat will join other cyber security experts from educational institutions in Canberra, as well as representatives from government, small businesses, Defence and Intelligence, multinationals, financial and telecommunications organisations on panel discussions and at networking events.
Sign up here for free.
To find out more about the Graduate Certificate in Cyber Security Management, download a course guide or apply, go to the course page.
Words by Suzanne Lazaroo. Photos: supplied and sourced.