Creating a positive cyber security narrative in A/NZ

Whether Channel Nine or the New Zealand Stock Exchange, high-profile cyber attacks are becoming the norm on both sides of the Tasman, shaped by a common editorial narrative flowing through the media.

While concerning to both individuals and businesses – and important to reflect the true magnitude of the issue – such negativity is hindering the ability to have strategic and positive discussions pertaining to security.

In 2021, the industry requires more than fear mongering to raise security awareness, rather a collective approach to highlight areas of best practice, the mission-critical role of the channel ecosystem.

“The world has never been more connected and cyber threats are growing in intensity and scale,” observed Simon Green, president of Asia Pacific and Japan at Palo Alto Networks. “The nature of cyber security tends to be perceived negatively at times.

“As industry leaders within cyber security, we need to actively switch our mindset from sharing stories that highlight the risks involved in cyber security to the positive stories we see everyday within our community.”

For example, Palo Alto Networks recently launched the Cyber Safe Kids program to provide Australian children with the education and hands-on experience required to secure their digital future.

“As the global cyber security leader, we are always committed to making the world safer than the day before,” outlined Green, when addressing strategic system integrators, service providers and distributors during the vendor’s recent Partner Advisory Council (PAC) in Australia and New Zealand.

The discussion centred on the importance of creating a positive cyber security narrative in the local market, outlining ways in which the ecosystem can balance tone and messaging without detracting from the seriousness of the topic.

“Just about all coverage is related to attacks and the damage they have caused,” one CPAC member noted during the interactive roundtable debate. “We need more positive news stories on how organisations have succeeded through becoming more effective at security.

“We obviously should not necessarily always be promoting stories about how we have stopped adversaries as that could attract unwanted attention but putting a spotlight on trans-Tasman success stories that have treated security as a principle of doing business would change attitudes.” Our industry is a power for good and people should know this if we are to attract the best future talent.

Boosting collaboration levels

One such approach to help change media attitudes is to reinforce the “sense of mission” which is starting to develop within the industry, moving away from the competitive and commercial element of cyber to instead prioritise enhancing collaboration levels among experts and specialist providers.

As one leading trans-Tasman partner stated, cyber security was once considered to be an “insignificant role of the geeky techie in the backroom”, the focus has now shifted to the criticality of protecting society.

Spanning home, business and health to national security and the machinery of government, all aspects of day-to-day life now depend on reliable and secure digital infrastructure delivered by a network of System Integrators, IT vendors and distributors.

“Hospitals, shops, individuals and major companies are all being targeted and this positive aspect of the mission – to protect them – is a great theme,” added the partner. We have a social conscience and believe in looking after our community.

Delving deeper, the group were united in the belief that the more the channel collaborates and shares threat intelligence, the more likely the industry will be able to effectively combat the adversaries continuing to attack local businesses and government agencies.

“This already happens to some degree but effective collaboration between vendors as opposed to government or enterprise organisations is not a reality,” another CPAC member documented.

The importance of collaboration was echoed further by Sam Salehi – sales director of Southern Region at Trustwave – who outlined that despite notable industry competition, widespread co-operation can help shed a positive light on a topic of increasing national importance, in addition to reducing end-user complexity in the process.

“Our primary purpose is cyber security,” he said. “The only systems we integrate are dedicated to security and many of our customers choose us because we are specialists in this space.

“The system integration industry at large is busy selling the myth that their cyber security kung fu is better than that of their competitors,” he said. “We should all be collaborating on this more, rather than trying to compete with each other and make it less complex for our customers to pick the right solution.”

Within this context of collaboration, the role of the distributor is expected to take on new meaning as a core connector of the channel, leveraged as a vehicle to develop new – but also to support – existing cyber security communities.

“As an organisation we strive to create a platform that empowers our partners to work collaboratively with leading vendors to transform the fear-based narrative around cyber security and instead promote the effects of better threat intelligence,” added Phil Cameron, managing director of Australia at Westcon-Comstor.

Enabling business, educating the industry

Building upon a desire to create a foundation of collaboration within the channel, changing the media narrative in relation to cyber security also requires increased commitment to market education and business enablement, as highlighted during the CPAC discussion.

According to IDG Security Priorities research, 30 percent of businesses across A/NZ and the wider region remain hampered by a lack of employee awareness and training in relation to cyber security.

As a result, more than half (54 per cent) cite the adoption of cyber best practice as determining security spending in the months ahead, with 52 per cent specifically committed to improving end-user enablement.

Within this context, CPAC members advocated that to trigger meaningful change, cyber security should no longer be considered as a domain which solely focuses on the threat landscape, adversarial activity and the fear that is generated by media coverage.

Rather, cyber security should be viewed as an enabler of business capable of ensuring organisations remain resilient and can safely venture into new developments and initiatives by embracing a ‘secure by design’ approach.

In helping customers adopt this modernised cyber attitude at boardroom and organisational levels, the channel can trigger a domino effect of change capable of rippling down into the mainstream media.

Central to such efforts is leading partners consulting with organisations to assess current security posture before building initiatives to progressively improve environments in a move designed to help businesses accurately balance risk vs. investment.

“This approach enables organisations to adopt a cultural change to cyber security and embed security as a principle at a governance level and into operational effectiveness,” one CPAC member explained.

Furthermore, compliance was also cited as a key driver for security improvement, overcoming the traditional end-user barriers to adoption to establish a positive and significant form of business enablement.

“We have plenty of evidence to suggest that achievement of ISO 27001 certification opens doors to win contracts that organisations that do not have this capability cannot compete to win,” one partner added. “We use examples of success to show how ‘doing security well’ can increase commercial performance.”

In addition to business enablement activities, the industry must also move ahead with plans to encourage governments and educational institutions to invest in cyber security courses to help build regional communities of talent.

One example is through supporting internship programs and investing in community programs, but the CPAC remained aligned that further support is needed to extend the number of Primary, Secondary and tertiary institutions delivering such courses to ensure widespread availability across the market.