Cyberattacks were crowned the fifth top rated risk in 2020 and have become the new norm across public and private sectors. To help protect, grow and advance the state’s digital economy, The NSW Cyber Security team have developed a new cyber security strategy.
To learn more, we spoke with Acting Director of Policy, Engagement and Research at Cyber Security NSW, Sophie Hill, on the new strategy and how the NSW Cyber Security team is working hard to create a culture of cyber security resilience across the fast-growing sector.
Hi Sophie! Tell us, what’s new in the Cyber Security strategy?
As many of us already know, cyber security, privacy and resiliency are all closely tied pillars used to prevent cybercrime and enable cyber safety for NSW Government, NSW citizens and the organisations and individuals that rely on our services. That’s why Cyber Security NSW has joined forces with Investment NSW to create a new sector-wide strategy that better outlines our objectives across cyber security, privacy and resiliency.
As part of our new strategy, we are focusing on four new commitments:
- Increase the NSW Government’s cyber resiliency
- Help NSW cyber security businesses grow
- Enhance cyber security skills and workforce
- Support cyber security research and innovation
These four commitments are supported by several new objectives, which you can learn more about on the digital.nsw website.
Do we have a complete understanding of the cyber threats and risks in our department?
Cyber security is a constant game of cat and mouse with respect to the risks we face in our digital environment. As a whole of government function, Cyber Security NSW is helping to increase the resilience of NSW Government clusters by sharing with them intelligence and information on emerging cyber threats. As part of the new 2021 Cyber Security Strategy, the government is now shifting from a reactive approach to proactive approach when managing our cyber security risks and threats. By being more vigilant, we can understand not only our current threats and risks within the department, but any emerging ones as well.
How do we detect and respond to cyber-attacks?
Basically, the department deploys monitoring processes and tools to facilitate incident identification and response, which you can read about in our Cyber Security Policy. Agencies can also monitor and scan for any actions from advisories and alerts issued by Cyber Security NSW.
If you would like to learn more about how we respond to cyber-attacks, you can check the NSW Government Cyber Incident Response Plan.
How can we prepare our colleagues to play their security role?
Firstly, as part of the onboarding process, all staff are required to complete the Information Security Awareness course on MyCareer. As well as this course, our colleagues can attend one of our Cyber Security Essentials training, hosted by Cyber Security NSW. These training sessions cover the most common cyber threats and risks, as well as how we can protect ourselves from these risks.
We also strongly encourage all staff to report any suspicious emails, by clicking the ‘Report Email’ icon in outlook or by contacting the Service desk. Remember it’s always better to report a suspicious email than ignore it, even if you didn’t click onto it!
What trends are impacting security and risk management strategies this year?
We are currently seeing a significant trend regarding ransomware attacks. Due to the rising number of ransomware attacks, our focus is on mitigating the risk by promoting our Cyber Security Essentials training, along with conducting Cyber Security exercises for agencies and clusters. Through these strategies, we aim to reduce the likelihood of a cluster falling victim.
What are the next steps for Cyber Security in NSW Government?
We are expanding our services to offer training and support to Councils, in particular executive and cyber awareness training. We are rolling out exercises to test and strengthen agency and cluster incident responses. We are also strengthening our collaboration with Investment NSW to support the cyber security sector as a whole.