An international expert says Australia’s approach to cyber security could actually be undermining safety efforts by organisations – and putting the entire country at increased risk.
Joseph Carson is a certified information systems security professional with more than 20 years’ experience. Speaking to Insurance Business, he explained why Australia’s data encryption laws have been so controversial among the cyber security community.
“I’ve been outspoken on this and my peers in the industry have been too, that this is a bad direction – when you start forcing data access laws for companies,” said Carson, the chief security scientist at cybersecurity software firm Thycotic.
The government defended its data encryption laws, introduced late last year, by arguing that they’re necessary to help combat terrorism and crime. However, critics, including Carson, say this comes at too high a price.
“It weakens companies and puts the country at risk because you’re forcing companies to provide back doors and you’re weakening security, simply to satisfy a certain government’s access demands or access requests,” he said.
Whereas much of the rest of the world requires more stringent security measures, Carson says Australia is forcing companies to expose themselves by creating a weak spot.
“Therefore, they might decide to actually put out two versions of the same product – one for the rest of the world and one which is weaker for Australia,” he explained.
Discussing those who are most at risk, Carson pointed to the financial sector as a prime target. However, he also said the industry is renowned for investing heavily in security, which mitigates the risk.
“Most of the time, there’s a financial motivation to cybercrime which is why we see the financial industry as the highest risk,” he said. “However, at the same time, the financial industry has spent millions to improve security and they’re also very invested in compliance so while it’s a high risk, they have done a lot to mitigate wherever possible.”
Other areas that are particularly exposed, according to Carson, are the health and education industries.
“They are probably the two that have high value data, but, at the same time, very weak implementations in security in place,” he told Insurance Business.
“So, education and the health industries are where probably my concerns would be, where universities have students’ data, intellectual property, research, as well as health records and sensitive data that is also essentially high value.”