In May this year, WannaCry ransomware was used to take data hostage from 200,000 computers across 150 countries. Devices were locked and owners were asked to pay US$300 in bitcoin to release their ﬁ les. One month later, a cyber attack of a different kind occurred, when a malicious virus, called Petya, wiped data from businesses worldwide, again demanding US$300 bitcoin ransoms. This time, as the virus was incurable and the payments were quickly shut down, the attack appeared to intentionally cause damage, rather than collect funds—a true cyber attack.
And while these attacks have occurred in the past two months, it's clear that over time and with practice cybercriminals are getting better at what they do.
In recent years, the threat level from cyber attacks has risen exponentially, with global companies, public institutions and individuals all at risk. In 2014, a complex and sustained attack on Sony Pictures brought the company to its knees when yet-to-be-released ﬁlms were stolen, along with sensitive company and personal information. Taking malice to a whole other level, macabre images of the CEO were posted across the company network and veiled threats of violence were made about the impending release of the movie, The Interview. Sony was forced to go dark—to shut down all of its digital systems.
With cyber attacks increasing, so too are the opportunities to protect against these, with the cybersecurity industry and associated businesses on the rise.
TOP 5 THINGS YOU NEED TO KNOW ABOUT CYBERSECURITY
Cybersecurity is everyone’s job: any organisation is only as secure as its weakest link.
Security by design: security should be baked into every aspect of the business (technology, people and processes).
Privacy and freedom will always be important: but to stop the bad guys you ﬁrst need to verify that your staff are doing the right thing.
Bolt on technology can never work on its own: security technologies must provide a platform to inform leadership and cultural change.
People are at the core of everything you do: they are your greatest asset and your greatest risk.
Gartner Inc., the world’s leading research and advisory company, is telling us that worldwide spending on cybersecurity will hit US$90 billion by the end of the year, with a predicted US$113 billion spend by 2020.
Australia’s Cyber Security Strategy reports that attacks are estimated to cost economies around one percent of GDP per year. For Australia, this equates to approximately US$13.4 billion dollars (based on 2015 ﬁgures).
As incredible as this seems we didn’t reach this point overnight.
“The potential for digital disruption to impact our lives and businesses is the sleeping giant we’ve preferred to ignore.”
According to Australia’s Cyber Security Strategy each Australian household will have 24 devices connected online by 2019. Additionally, we park personal data in the cloud, trusting that it will be safe or, most likely, not thinking too much about it. And while we, as consumers, have embraced every new digital gadget, with little thought for dangers, cyber criminals have been long honing their craft.
Meanwhile, fully aware of the impending cyber catastrophe, Mohan Koo, CTO of Dtex Systems, and his co-founder Chris Nillissen, have spent the past 17 years applying, reﬁning and delivering world-class cybersecurity solutions.
“Attacks are becoming bolder. They’re turning from straightforward phishing to spearphishing.”
‘Spearphishing’ is where the attacker carefully researches their target, perhaps looking for someone in purchasing, then sends them a legitimate-looking email telling them to reset their Microsoft credentials,” says Koo.
“Once they have those details, they assume that person’s online identity to arrange bank transfers. They’re even getting bold enough to follow up with a phone call to demand payment. It’s identity fraud on a much larger scale.”
This is just one example of a malicious attack, but, according to Koo, threats come from where we least expect them.
His company, Dtex Systems, focuses on intelligent ‘User Behaviour Analytics’ to detect three classes of cyber threats: malicious insiders, vulnerable insiders, and hijacked credentials. Dtex has shown that the highest number of cases relate to vulnerable insiders…and that’s all of us. It’s well-intentioned people who put their organisation at risk by ignoring or not understanding how to think or act in a security-minded way.
3 TYPES OF CYBER THREATS
The Malicious Insider – the bad person who intends to cause harm.
The Vulnerable Insider – the good person who accidentally causes harm.
Hijacked Credentials – outsiders getting access to legitimate insider credentials.
The teachable moment
Turning cybersecurity on its head, Dtex Systems takes a people-centred approach, understanding that cultural change is the most effective security solution.
Dtex Systems uses its behavioural analysis technology to reach out and engage the user at the point they make the mistake—it’s called the teachable moment.
“It’s a real shift in thinking, but it’s absolutely he only way forward. Gone are the days you can completely lock things down,” says Koo.
“You should give your staff every freedom that they possibly can have to get the job done in an innovative, intuitive way.”
“It’s the only way to effectively change the security culture in an organisation, but what is even more positive and effective is security by design.”
“When you’re making products or designing services, you need to bake security into all of your processes and policies. You can’t just bolt it on later. You need to look at the technology, the people and the processes around it. Technology should only ever be a platform from which you can inﬂuence human change.”
To be fair, Koo and Nillissen were slightly ahead of the curve—17 years ahead to be precise. Yet their global success arrived only in recent years, tracking an increased global cyber threat and a greater awareness of the need to invest in security. Success also followed a move from Adelaide to Silicon Valley, California; a move that had to be made to ﬁnd customers and achieve the global growth they’re experiencing today. Koo, who has ensured Dtex Systems kept an office in Adelaide and other Australian cities, wants to stop the overseas exodus of cyber active entrepreneurs.
Tech innovation and opportunity
With the Turnbull Government’s recent announcement that South Australia will get the lion’s share of a future A$89 billion defence investment, together with a promised $400 million nation-wide to boost defence cyber security capability, the time is right to leverage peripheral opportunities.
“We punch above our weight here in Adelaide when it comes to tech innovation,” says Koo. “Now is the perfect time to create a real cyber security economy in this state. Not just a branch economy where jobs can still be lost overseas; a real and vibrant economic hub of innovative cyber security companies that are agile enough to keep leading the world in managing cyber threat.”
“We need to create an ecosystem here in South Australia,” says Koo, “a collaborative and supportive ecosystem to shift the inertia that Australian entrepreneurs currently face. We know it’s a conservative business culture, so let’s give it what it needs to break out onto the global stage.”
When you add to the mix what commentators call the ‘democratisation of business’— increased accessibility to information, ideas, production, funding and distribution—there should be no limits to an entrepreneur’s brand new start-up. Except, while the landscape and platforms are changing, the old rules of business still apply. Business plans need to be drawn, risks need to be taken, products and services need to be tested and reﬁned, reliable funding must be accessed and brands need to be grown. Solid and trustworthy networks still need to be built in among the noise of social media chatter.
According to Koo, the most important thing is funding. It is the biggest missing gap for entrepreneurs in Australia.
Getting an initial round of funding as a new start-up, let alone making it through to a professional Series A investment round, takes serious preparation. It also takes an understanding of the marked differences between the small and conservative venture capital community here in Australia and the complex and vibrant venture capital scene in Silicon Valley.
“In order to be competitive on the global scene, Australian entrepreneurs and investors need a much healthier appetite for risk, and must get to the table quicker,” says Koo.
“Just having a good idea is not going to get you there. You need to be trained how to pitch. You need to learn how to analyse the market and prepare for raising an investment. Crucial to this is ﬁnding a customer who will help you test your product. If you haven’t tested and reﬁned, if you don’t have a business plan, no-one will invest.”
It’s a little more complicated than, ‘if you build it they will come’. Timing becomes crucial. Start-ups must be ready to pitch and they need someone to pitch to. We need to stop people from working in silos and get them to collaborate, but this time we need true collaboration that requires trust and commitment. We need to be thinking—no-one can do this for us, we have to build this ecosystem ourselves.
At the moment we have a push to make this happen and some committed and inﬂuential people who can take a push and turn it into a groundswell. Can we truly change a conservative business culture that is underpinned by a conservative social culture? Can we build cybersecurity as an Australian export? Can we create a hub of cybersecurity innovation and expertise that draws people in and creates further wealth?
Of course we can, but we do have to build the structure, climb up to the top and hang our toes over the edge.
TOP 10 TIPS FOR CREATING A CYBER START-UP:
Talk about your idea with people, especially those outside your area of expertise.
GET CONSTANT FEEDBACK:
And really listen to everyone…not just your mum.
TEST, TEST, TEST:
Find supportive potential customers to help test and reﬁne your product.
DON’T GET TOO ATTACHED:
Be prepared to revise your initial idea, over and over again.
PREPARE A SOLID BUSINESS PLAN:
You can’t move forward without it.
REFINE YOUR PITCH:
Nobody will invest if you can’t clearly articulate your vision.
ANALYSE THE MARKET:
You need to validate the size of the opportunity and the hurdles to get there.
LEARN HOW THE FUNDING SYSTEM WORKS:
Venture capital, angel investors, what makes them tick?
USE ALL AVAILABLE RESOURCES:
There are people out there trying to help you. Find them.
Be prepared to take a risk…no risk, no reward.