Cybercrime is not just a technology problem; it’s a people problem. People are not peripheral to the process, but central to it. Cybercriminals actually teach us the importance of good defense in response.

They teach boards the importance of security. But what else do cybercriminals teach us all? What lessons might we draw from the cybercrime marketplace?

Internet of Things devices are proliferating at an astonishing pace, and those who have the funding or executive support may fare better than the poor, overworked system admins and developer teams whose plates are brimming with demands to put function ahead of security.

To become profitable, cybercriminals have applied to the criminal world the same market dynamics that operate in the business world.

Your platform and your service need to be valued. It should be easy to use, trustworthy and easily accessible. Criminals have realised that it is all about the user experience.

In this presentation, Narelle Devine, CISO APAC at Telstra, highlights this key message: cyber security professionals need to meet users where they are, and CISOs should be the collective enablers.

Security that comes at the expense of convenience ultimately comes at the expense of security.

 

Key Takeaways:

  • The costliest part of a breach can often be the recovery.
  • What began life in the eighties as a niche group of hackers and I.T. enthusiasts looking to explore holes in technology has morphed into a conveyor belt industry of industrialised cybercrime where those with the requisite skills, knowledge and resources rent these attributes out to other criminals for nothing more than a fee.
  • Training humans not to make human decisions is not the answer. We should continue to develop processes and controls that account for human error because humans make mistakes.

Contributors

Narelle Devine, Chief Information Security Officer Asia Pacific at Telstra

Narelle Devine is Telstra’s Asia Pacific Chief Information Security Officer (CISO). Narelle began her career in the Royal Australian Navy before joining the Australian Government’s Department of Human Services as CISO. She has a diversified history spanning the military, government, and private sectors.

Telstra’s cyber security operations, intelligence, risk, governance, compliance, development, and engagement are all overseen by Narelle. Narelle has a bachelor’s degree in information systems and English, a master’s degree in information technology, and a master’s degree in systems engineering. She is a current member of the RSAC Advisory Board and the AISA Executive Advisory Board, and she is passionate about workplace culture, diversity, training, and recruitment.

Narelle was awarded a Conspicuous Service Medal (CSM) in the 2016 Australia Day Honours List for meritorious achievement as the Deputy Director-Cyber (Maritime) in the Joint Capability Coordination Division, and has led a colourful life working to protect the nation, its citizens, and its systems in the military, government, and now the private sector.
