Paying too much attention to overseas cybercrime incidents is taking the focus away from the much more predominant insider security breaches in the government sector, according to Peter Fowler, director of security and risk assurance within the South Australian Office of the Chief Information Officer.
Peter Fowler (Credit: International Quality
and Productivity Centre)
"This can cause us to perhaps lose focus on the usual culprits of events such as the trusted insider, the relationships that we have with suppliers and contractors that provide people access into our networks these still are predominant causes of security breaches within the government sector," he said in an interview with Lauren Kelleher, online communications assistant at the International Quality and Productivity Centre, which is hosting an e-Security Government forum in September.
Fowler said daily reports in the media about "cyber incidents or incidents relating to social media" were good to raise awareness about cybersecurity in the community, but didn't do much for the organisations that were subject to attacks.
"I think this level of awareness building is good in one respect and not so good in another respect in the sense that it will certainly make the general public more aware of ICT incidents and perhaps give them a focus point that won't be necessarily beneficial to a particular organisation in the case of an event," he said.
Fowler also highlighted the importance of ensuring that the restoration of ICT services is a high priority in emergency management legislation.
"Most government services these days are underpinned by ICT services and in fact if we look at the initial findings from the Victoria Bushfire Royal Commission we'll see how important ICT services were to providing information to the public and supporting response and recovery efforts," he said. "So in the event of a major community disaster there is likely to be effects on ICT services."
"That being the case there would be a need for the prioritisation of which systems need to be recovered first, which systems can be left for a little time," he added.
The e-Security for Government forum is to be held in Sydney on 21 – 22 September.