TECHNOLOGY
campusreview.com.au
Building a cyber defence army
Cybersecurity
demands more
education
and training.
By Paul Haskell-
Dowland
C
ybercrime is escalating worldwide,
and with a massive demand
for cybersecurity professionals,
universities need to respond by offering more
graduate and undergraduate programs to
equip the workforce with the experts it needs
to protect against cyber threats.
In every sector of the economy, for
individuals, business and government, there
is a need for cyber defence. The growth in
popularity of cloud-based services, mobile
devices and social networking sites has
meant an increasing number of individuals
and organisations are being exposed to often
highly sophisticated cyber threats.
Moreover, with the growth of ‘big data’
and the intelligence it brings, new laws
in Australia and elsewhere are forcing
organisations to better comply with privacy
laws and to protect their digital assets. Under
the Notifiable Data Breaches (NDB) scheme
introduced in February 2018, breaches
covered by the scheme must be reported
to the Office of the Australian Information
Commissioner (OAIC).
These are no small matters. Just recently,
the Australian National University (ANU)
revealed it was the victim of a significant data
breach in late 2018, when a sophisticated
operator accessed its systems illegally.
The hacker accessed significant amounts
of personal staff, student and visitor data
extending back 19 years. With foreign
government involvement suspected, ANU is
working closely with Australian government
security agencies to investigate the breach,
which was only discovered in May 2019.
Put simply, there aren’t enough IT security
experts to go around because demand is
growing so rapidly. The gap in the global
market for cybersecurity professionals is
estimated to be three million.
The Asia-Pacific region is facing the largest
talent shortfall, with unmet demand for 2.15
million experts. The need is driven partly
by the rise in crime and partly by the new
cybersecurity and data privacy laws being
enacted throughout the region.
The Cisco 2018 Asia Pacific Security
Capabilities Benchmark Study found Asia-
Pacific companies are subjected to six
cyber threats every minute. Moreover, 64
per cent of the organisations that suffered
a breach said it cost them more than
US$500,000 ($720,000), while almost one
in 10 companies reported that an attack cost
more than US$10 million ($14.4 million).
A recent OAIC report shows that almost
1000 data breaches were notified to the
commissioner between 1 April 2018 and 31
March 2019. More than a third of all breaches
notified were due directly to human error,
while 60 per cent were traced back to
malicious or criminal attacks.
The OAIC believes the predominance of
human factors in data breaches highlights
the importance of education and training
for all employees who handle personal
information.
“Best practice approaches in organisations
to protect against data breaches involve a
dedicated training program comprising face-
to-face training and e-learning, supported
by tools and ongoing communication on
how employees can stay safe from evolving
threats,” the OAIC said in its recent report.
This underscores the importance
of tertiary education producing more
cybersecurity professionals with the skills to
protect organisations against sophisticated
cyber attacks.
Undergraduate and postgraduate
programs can equip professionals with the
tools and techniques needed to predict,
identify and mitigate cyber risk.
Security experts need to understand the
practical and theoretical dimensions of IT
security across a range of fundamental areas,
such as network security and vulnerability
assessment, information security, digital
forensics, wireless device security,
information warfare and database security.
Organisations need IT security managers to
develop and manage a full defence.
The shortage of qualified cybersecurity
experts is pushing salaries into six figures. A
survey by jobs website Indeed.com.au reveals
that the average annual salary for IT security
specialists in Australia is $105,853. The
average for a director of information security
is $148,047 a year. These are well above the
average salaries for solicitors, accountants
and even other IT jobs.
Postgraduate study can prepare cyber
experts to progress to senior positions,
including management, with employers
prepared to pay a premium for advanced
technical skills and the comprehensive
knowledge needed to apply best practice
approaches to cybersecurity.
Indeed, there are no borders to
cybercrime, a global phenomenon that can
strike at any time. All organisations – whether
government, commercial or not-for-profit –
hold data that needs protecting, so all must
act now to counter cyber threats, or they risk
serious financial and reputational losses as
well as possible breaches of privacy laws.
Ultimately, as organisations boost their
cybersecurity, this will have benefits for
the community, who will enjoy an online
experience that is more secure. Australia’s
reputation too as a safe and trusted place in
which to do business would also grow as we
boost our cybersecurity workforce.
Edith Cowan University’s accelerated, 100
per cent online Master of Cyber Security will
equip graduates with advanced technical
skills and comprehensive knowledge of
best practice approaches to implementing
cybersecurity. The university’s close
connections with industry ensure its courses
are kept current and immediately relevant to
this rapidly changing field. ■
Associate Professor Paul Haskell-Dowland is
associate dean for computing and security at
the School of Science, Edith Cowan University.
27