Back to all news articles
24/06/2018
Speaking at CEDA’s State of the Nation on cyber security, Mr MacGibbon said cyber security was both a threat and an opportunity.
“There are indeed opportunities. Opportunities to begin right in terms of protecting things and an opportunity to get right, growing the cyber security industry,” he said.
However, he said the threat from cyber security failure is real.
“For a long time, we have focused on confidentiality,” he said.
“The future is more about the concept of integrity of information and the availability of information.
“Can I believe in the information I’m getting, from the machines that I’m doing business with?
“Imagine a real-time world, driverless vehicles and internet of things world where we rely upon the telemetry coming from devices for the machines to make critical decisions for us.
“Imagine if the integrity of information or the availability of that information was called into question?”
Mr MacGibbon also said cybersecurity is a technology and a social problem.
“I met with a CEO of a global company the other day and he said to me you've got to bring technology to a technology fight. It's true, if you're in a gunfight (you) don't bring a knife,” he said.
“We certainly need to bring technology to a technology fight but this is a social problem.
“This is about human beings, those of us who operate the machines, those of us who program the machines, those of us who use the machines, all of us have a role to play and this is a social problem which then parlays into an economic issue for us to talk about.
“Whether you're a big or small business or whether you're a family at home this is an issue that needs to be talked about and talked about widely even if you're not a technical expert, and for the first time…I'm actually seeing that occurring.
“For the first time in my career I can say that cyber security is front and centre of the minds of many many more people outside those traditional cybersecurity experts which is good.”
However, Mr MacGibbon said when it came to breaches, we’re not yet showing the level of maturity we need to as a country for understanding how those issues have occurred and how we can prevent them happening in future, citing the recent PageUp issue.
“For those who don't know PageUp is an innovative cloud-based company providing HR services, often integrated into businesses HR workflows for a couple of hundred corporate customers including government,” he said.
“A couple of weeks ago they came out publicly based on the mandatory data breach legislation to say that people unknown had access to their systems.
“Now there are a few things to say here, firstly I've come out publicly in a joint statement with the Privacy Commissioner to try to put in perspective the incident.
“I’m at pains to say there's a difference between a person gaining access to data and a person exfiltrating data there.
“I have no doubt that someone got into the PageUp systems but I'm not convinced necessarily that any data was stolen.
“The reaction of the market, however was different and to me lacks maturity.
“The type of conversation that I saw played out in the mainstream media and online in relation to PageUp demonstrates that lack of maturity, the lack of ability for us to distinguish between those two things, someone breaking into a house but not necessarily leaving with what they broke in to steal is important for us to differentiate.
“It's also important for us to understand that, there but for the grace of God goes pretty much any business and that we need to learn from the examples of other people's loss to try to reduce the likelihood of them happening again.”
“There are indeed opportunities. Opportunities to begin right in terms of protecting things and an opportunity to get right, growing the cyber security industry,” he said.
However, he said the threat from cyber security failure is real.
“For a long time, we have focused on confidentiality,” he said.
“The future is more about the concept of integrity of information and the availability of information.
“Can I believe in the information I’m getting, from the machines that I’m doing business with?
“Imagine a real-time world, driverless vehicles and internet of things world where we rely upon the telemetry coming from devices for the machines to make critical decisions for us.
“Imagine if the integrity of information or the availability of that information was called into question?”
Mr MacGibbon also said cybersecurity is a technology and a social problem.
“I met with a CEO of a global company the other day and he said to me you've got to bring technology to a technology fight. It's true, if you're in a gunfight (you) don't bring a knife,” he said.
“We certainly need to bring technology to a technology fight but this is a social problem.
“This is about human beings, those of us who operate the machines, those of us who program the machines, those of us who use the machines, all of us have a role to play and this is a social problem which then parlays into an economic issue for us to talk about.
“Whether you're a big or small business or whether you're a family at home this is an issue that needs to be talked about and talked about widely even if you're not a technical expert, and for the first time…I'm actually seeing that occurring.
“For the first time in my career I can say that cyber security is front and centre of the minds of many many more people outside those traditional cybersecurity experts which is good.”
However, Mr MacGibbon said when it came to breaches, we’re not yet showing the level of maturity we need to as a country for understanding how those issues have occurred and how we can prevent them happening in future, citing the recent PageUp issue.
“For those who don't know PageUp is an innovative cloud-based company providing HR services, often integrated into businesses HR workflows for a couple of hundred corporate customers including government,” he said.
“A couple of weeks ago they came out publicly based on the mandatory data breach legislation to say that people unknown had access to their systems.
“Now there are a few things to say here, firstly I've come out publicly in a joint statement with the Privacy Commissioner to try to put in perspective the incident.
“I’m at pains to say there's a difference between a person gaining access to data and a person exfiltrating data there.
“I have no doubt that someone got into the PageUp systems but I'm not convinced necessarily that any data was stolen.
“The reaction of the market, however was different and to me lacks maturity.
“The type of conversation that I saw played out in the mainstream media and online in relation to PageUp demonstrates that lack of maturity, the lack of ability for us to distinguish between those two things, someone breaking into a house but not necessarily leaving with what they broke in to steal is important for us to differentiate.
“It's also important for us to understand that, there but for the grace of God goes pretty much any business and that we need to learn from the examples of other people's loss to try to reduce the likelihood of them happening again.”