The importance of cyber awareness in government
By Nicole Quinn, head of government affairs — APAC, Fortinet
Friday, 08 July, 2022
Cybersecurity is a critical concern for businesses and governments around the world. For the Australian Government, potential threats continue to increase year-on-year as a result of changing economic and political climates, among other factors. Data from the Australian Signals Directorate (ASD) shows it responded to 313 incidents in 2011 and 1630 cybersecurity incidents in the 2020–2021 reporting period.
The new Australian Government has signalled its focus on cyber by appointing the first Minister for Cyber Security to Cabinet. Minister Clare O’Neil has already indicated she is a strong advocate of the importance of mitigating the growing risks of cyber attacks and protecting government departments and critical services.
Government investment in cybersecurity measures is crucial but only one part of the puzzle, albeit an essential one. One of the growing risks to government departments, or any organisation, is a workforce that is uninformed, underprepared, or otherwise unable to identify potential cybersecurity threats. This means that it is important for the government to also invest in strengthening its workforce with people who are well-versed in cybersecurity to deliver a strong line of defence. This is not an easy task given the skills shortage we are currently facing.
Unemployment is sitting at its lowest rate in more than a decade at under four per cent, and this, combined with reports that 636,000 Australians have indicated they intend to change jobs in the next year, means there is a chance that government will be facing a labour shortage just like many other industries. In addition, according to AustCyber, it is estimated that Australia may need around 16,600 additional cybersecurity workers for technical as well as non-technical positions by 2026. Consequently, it’s clear that government needs to find ways to attract and retain this valuable talent, as well as continue to fortify its defences by upskilling its existing labour force.
A cybersecurity skills shortage is a considerable challenge for the Australian Government, especially when it means departments will struggle to access cyber workers to help protect critical data and assets in a constantly evolving threat landscape. Government departments are also in competition with the private sector for skilled workers, often against large-scale enterprises that could potentially offer greater remuneration than the taxpayer.
While there’s no simple, overnight solution for the skills shortage or how government can entice skilled cybersecurity workers away from private enterprise — aside from the benefits of cybersecurity workers contributing their skills to matters of national security — there is an easy way for government to further bolster its security posture: creating a strong, cyber-aware public sector.
Creating a cyber-aware public sector workforce
Not every government employee has the skills and know-how of a cybersecurity professional and it’s not reasonable to expect that all government workers can pick up on the nuances of the rapidly evolving threat landscape. However, it is possible to arm public servants with the skills they need to identify common cybersecurity threats.
As such, it’s essential for government to take the steps to ensure its entire workforce is trained and upskilled in cyber awareness, which is crucial in securing and protecting Australia in the face of new and increasing threats. To do this, government can focus on four primary areas of awareness to help department employees contribute to the defence of the Australian public sector.
- Understanding key cybersecurity terms: one of the biggest challenges for government workers will be keeping up with, and understanding, the key cybersecurity terms that they’ll come across. It’s essential to include education around the glossary of relevant terms to ensure workers are well-versed in the potential threats or attacks they may come across.
- Understanding methods used for attacks: beyond knowing the terminology, a cyber-aware public sector needs to understand the different types of attacks that government can be exposed to and the associated threats of each of these. For example, knowing the difference between ransomware and disruptionware and what impacts each of these could have on the government and its operations.
- Identifying malicious actors and motivations: knowing the different types of attacks is one thing; however, it’s equally important for government workers to understand what potentially malicious threat actors are behind cyberattacks and what their motivations may be. This can help government workers to understand why they may be specifically targeted by a disruptionware phishing scam and if there’s anything in particular they need to look out for in their emails.
- Learning to protect themselves and the information they have access to: perhaps the biggest challenge in creating a cyber-aware public sector is arming workers with the knowledge they need to protect themselves and the information they have access to from cyberthreats.
To achieve this, government can invest in comprehensive, ongoing cybersecurity awareness training and education for all workers across all levels of government. This will ensure that every employee has a foundational understanding of cybersecurity and how they can help contribute to the protection of government data and assets. Helping to inform public servants about potential threats can also go beyond giving them the information they need to understand what a cyberthreat is; it can also inspire hypervigilance among the workforce.
A cyber-aware and trained public sector needs to remain a priority for the new federal government and opportunities for public and private sector partnerships to assist with this will be key to ensuring our most critical of government services continue to deliver to the Australian community.