AUTHOR: Stewart Hayes
Since the conflict started in Ukraine, there has been escalated tension in the cybersecurity regime that could impact UNE.  As a university, we have a duty to protect UNE sensitive information and sensitive research data.  Boards and line managers have a unique role in helping manage cybersecurity threats.  Don’t leave any questions about critical vulnerabilities for tomorrow, after the event.  As line managers and users, we all have a responsibility to ensure UNE assets and data are protected.

Firstly, all technology is vulnerable to cyber-attack.  Buying a secure system today does not mean it will be secure tomorrow.  Teams of experts are constantly working on ways to undermine security controls.  These teams may work for themselves or be state sponsored.  Either way they will find a way to break into the technology.  This requires us to develop new ways to carry out our responsibility to manage business risk.

5 Things Everyone Needs to Know About Cybersecurity[1]

Cybersecurity is about more than protecting data

Cybersecurity is about more than just protecting data. As we have digitised our processes and our operations, connected our industrial complexes to control systems that enable remote management of large equipment, and linked our supply chains with automatic ordering and fulfillment processes, cybersecurity has taken on a much larger position in our threat landscape.

We must be knowledgeable participants

It’s the role of Directors and line managers to make sure the organisation has a plan and is as prepared as it can be.  The NIST Cybersecurity Framework (CSF) is simple and gives executives and directors a good structure for thinking through the important aspects of cybersecurity. But it also has many levels of detail that cyber professionals can use to install controls, processes, and procedures.

Understand and focus on risk, reputation and business continuity

Whilst cyber professionals focus on the goals of ensuring confidentiality, integrity, and availability of both systems and data, the key concerns of Directors and managers must be the goals of risk, reputation, and business continuity.

The prevailing approach is defence in depth

A series of layered protective measures can safeguard valuable information and sensitive data; a failure in one of the defensive mechanisms can be backed up by another, potentially impeding the attack.  Layers of defence often include technology, controls, policy and organisational mechanisms.

In today’s world, we need every single person in the organisation to provide some level of defence – the Human Firewall. At a minimum, everyone, including Directors, must be aware of scams and social engineering attempts to avoid falling victim.

Cybersecurity is an organisational problem, not just a technical one

Many cybersecurity problems occur because of human error. Aligning all employees, not just the cybersecurity team, around practices and processes to keep the organisation safe is not a technical problem — it’s an organisational one. Cybersecurity requires awareness and action from all members of the organisation to recognise anomalies, alert leaders, and ultimately to mitigate risks.

Summary

We all have a role in helping our organisations manage cybersecurity threats.  Don’t leave any questions about critical vulnerabilities for tomorrow. Asking the smart questions at your next meeting might just prevent a breach from becoming a total disaster.

As always, we are reliant on people being vigilant and reporting suspicious activity on their systems to servicedesk@une.edu.au, +61 (2) 67735000. 

If you haven’t already, we would encourage you to visit the UNE Cybersecurity page and undertake the UNE Cyber Security Awareness training.

Thanks for your support in helping us maintain the cyber security integrity of UNE.

[1] From an original article by Dr. Keri Pearlson and Nelson Novaes Neto of MIT.