Hear from Sekuro’s Managing Director, Noel Allnutt, as he shares what’s top of mind around three prevalent themes so far in 2023. What do they have in common? Change.
In previous articles, I’ve mentioned the value in pausing to reflect and the goal to do that more often this year. As we reach the end of April 2023 and draw closer to the end of financial year, there are a few themes that have really stood out for me recently. What they all have in common is the inevitability of change and how we can better embrace and navigate that change for better business resilience.
Here are the top three changes that are top of mind:
1. Legislation
It’s no secret that new legislation is absolutely incoming to Australian organisations. It’s not a matter of if, it is a matter of when. With the leadership of Claire O’Neil as the first Cabinet Minister to hold the portfolio of Cyber Security, the Australian government is in the final stages of gathering all the information they need to define a new cyber security strategy and the legislation that will be aligned to it.
Prime Minister Anthony Albanese led a cyber security roundtable with leaders from the public service, intelligence agencies and independent experts to discuss stepping up defences. The Government has also appointed a Coordinator for Cyber Security supported by a new National Office within the Department of Home Affairs for a centralised approach to cyber security.
O’Neil has flagged that Australia’s current laws, policies and frameworks are not keeping up with the challenges and pace of the digital age and is seeking views from the industry on how to streamline current legislation and policy, and whether a stand alone Cyber Security Act should be considered.
On top of that, clients need to be mindful of the recently released Privacy Act Review Report in which sensible reforms were proposed in line with the cultural shift towards great privacy regulation. Businesses should not only ensure they comply with existing regulations but also take a proactive approach to understand and reduce their data footprint and implement actionable data breach response plans.
There have also been changes made to the 2018 SOCI Act as part of Critical Infrastructure reforms, impacting owners and operators of critical infrastructure assets (CIAs) in Australia from 15 sectors. CIAs must now meet proactive and reactive obligations to ensure their interconnected data networks are protected. Likewise, new Rules have been introduced to the Critical Infrastructure Risk Management Program (CIRMP) as part of the SOCI Act. These new Rules have a deadline to be implemented by 17 August 2023.
Then there is the control framework of the Australian Cyber Security Centre’s (ACSC) Essential 8 compliance and the transition for ISO27001 certified businesses to ensure they are up to date with the new standard of 2022 updates by October 2025.
There’s already a lot of uplifts occurring and it is clear that there will be more coming in the second half of this year. So having a good understanding of where you sit today will really benefit the speed in which your organisation could become compliant and within legislation in the future.
2. AI and ChatGPT
How do we focus on the productivity that AI brings
while also focusing on reducing the risk?
There has been a lot of noise this year around AI and ChatGPT. ChatGPT seemingly came out of no where and it has inspired a lot of interesting conversations. Some of those conversations sit in the doom and gloom category, while others seek out the opportunity this AI model provides.
What we are currently seeing at Sekuro is helping clients to delineate between what is noise and what is real in terms of the threats to a security landscape and the demands on a business when it comes to AI. We are navigating new algorithms and processing languages and with that there are some unknowns.
What I am interested in is cutting the noise around AI and security and looking at how it will impact business resilience and productivity. What will AI gain for our society versus the risk. This is not to say there aren’t real risks but it’s important to keep the conversation moving towards how we cut the noise and embrace AI. How do we focus on the productivity that AI brings while also focusing on reducing the risk.
This conversation creates nostalgia of a similar conversation around the cloud when it just came out to the public. There was fear, noise and uncertainty around where your data was going, who was going to see it. Then 10 years on, the cloud has become a normality of everyday life.
The digital age is new yet exciting. It involves some uncomfortable changes but if we take the public cloud for example, in the early days it delivered fantastic digital customer experience and enhanced the way businesses interact with their customers and communities. At first, only the leading-edge thinkers adopted the cloud but now, it’s mainstream.
We need to think about AI and business the same way we used to think about the public cloud – and follow it mindfully on its adoption journey. Because we’re only at the very beginning.
3. Return to the office
Finally, I’d like to recognise the return to the office and how cities and businesses around us are benefiting from that. The buzz of the major cities again is a great thing for business. Cafes and restaurants are full of chatter again. The office is full of excitement with more colleagues coming in to collaborate with one another.
As we talk about ever changing technology and AI, you can’t replace the benefits of human, social interaction. Returning to the office is allowing people to have more face-to-face conversations, build stronger relationships with colleagues and clients, and a lot more effective collaboration is happening. People are utilising whiteboards again and personable conversations are taking place. In this hybrid workforce, businesses are able to support their employees more effectively and everyone is impacting the economy and resilience of the cities in which they work.
Sekuro remains open to the preference of our employees whether they come into the office and employees are encouraged to make the right choice for them. However, it’s very nice to see the booming human interaction and the liveliness in the major cities once again. And so, whatever change comes our way, we must remember that at the end of the day, we are all human and technology is the tool to help us achieve innovation, but business resilience also involves the human component.
Noel Allnutt
Co-Founder and Managing Director, Sekuro
Noel is a driven and award-winning IT leader. He specialises in building teams that enable companies to create a secure and sustainable competitive advantage in the digital economy. Noel also hosts the ‘Building Resilience Podcast,’ which explores the world of sport and deconstructs the tools and ethos of world-class athletes that can help create growth and optimise business and life.
More Articles
Selling the Strategic Imperative of Zero Trust to Your Board
In conversation with Nathan Wenzler, Chief Security Strategist at Tenable (Part 2)
