Earlier this year, Prime Minister Scott Morrison identified Australia as the target of major organised cyber-attacks emanating from a state-based actor.
It wasn’t the first, and it won’t be the last, with Defence Minister Linda Reynolds warning the alarming "new normal" of persistent cyber-attacks on Australia is blurring the difference between "peace and war".
To discuss this new normal and more, we sat down with Sean Duca, Vice President, Regional Chief Security Officer - Asia Pacific & Japan at Palo Alto Networks to talk about the role organisations play in national cyber security, and whose responsibility it is to keep our information safe. Spoiler alert: it’s all of us
Sean Duca - image credit Palo Alto Networks
Hi Sean, can you tell us about your background in cyber security - what your current role involves at Palo Alto Networks, and why you are passionate about the field?
I started working at a company which did technical support for a number of software companies who didn’t have representation in Australia. There I learnt and supported Dr Solomon’s antivirus software which later got acquired by Network Associates (McAfee) where I then moved to. I worked at McAfee for 15 years in a range of roles from support engineer, sales engineer, sales engineering manager, an enterprise architect with my last role as the chief technology officer for the Asia Pacific region. For the last 5 years, I have been at Palo Alto Networks as the vice president and regional chief security officer for the Japan and Asia Pacific (JAPAC) region.
In my role, I work with organisations and the industry at large to change the narrative that cyber risk is a risk every executive needs to take on board and manage it like any other risk. I lead a team of threat intelligence analysts for our threat intelligence group, Unit 42, whose job is to research and analyse the adversary targeting interests in this region. I’m passionate about cybersecurity as it's dynamic, ever-changing and allows me to constantly learn and be challenged.
This year, Australia was a target of a major organised cyber-attack, but we’ve also seen attacks move beyond just critical infrastructure and government targets (Lion as an example). Is cybersecurity a problem for the IT department, or does it extend more broadly across the organisation?
It extends across the organisation as everyone has a role to play. Cyber is a vector for good and bad things to happen. It’s up to all of us to ensure that we do what we can to protect ourselves, families and the companies we work in.
As Australia continues to face these growing threats, what do you think will be some of our biggest challenges we face over the next few years?
If I look back, the same themes have been repeated and continue to evolve. Ransomware and Phishing will be around for some time as the cybercriminals know that it pays, and allows them to collect and harvest our data. With everything being connected more and more, I expect to see the Internet of Things (IoT) devices being targeted and used for nefarious activities, whether it be a way to get into an organisation or used as a botnet to target someone or something. 5G is expected to be the norm in the coming years, allowing communications services to leverage extremely low latency, which cyber criminals will use to target our dependence on these services and systems which may in turn compromise the availability of the systems.
AustCyber's research has predicted that Australia is facing a skills shortage of 18,000 cybersecurity experts by 2026. What do we need to do differently?
The demand for cybersecurity will continue outstripping the supply until there is a fundamental shift in mindset. Automation is going to be a key element in the future of cybersecurity because human operators should not be required - and expected - to do everything. Instead, they need to harness skill sets that cannot be automated and focus on higher-order tasks such as problem-solving, communication and collaboration. Companies need to stop searching for the elusive unicorn (it doesn’t exist!), stop looking in the same well and start looking in the right one for talent.
There has been some buzz around AI in the Cyber security field this year. Is automation the future for our security needs, or will we always need cyber security trained professionals across the workplace?
We will need both. Artificial intelligence is playing an increasing role in cybersecurity, with security tools analysing data from millions of cyber incidents, and using it to identify potential threats which complements the work security professionals do. Automation can help alleviate the volume of work and tasks security professionals deal with, but we will always need everyone to ensure they know their role when it comes to security.