
Australia’s security software spending sees growth spurt

Australian enterprises are increasingly investing in security software as the threats to data continue to multiply

Australia’s enterprise spending on security software far outstripped the global average in 2015, with $A581m spent as organisations continue to struggle with hackers and data breaches.

According to Gartner, the global security software market rose by 3.7% in 2015, while Australia recorded a 19.4% leap in spending.

Local businesses remain so concerned about systems security that they are prepared to spend heavily on software solutions despite an unfavourable exchange rate with the US dollar.

This is particularly the case for consumer security, endpoint protection platforms, identity governance and administration, web access management, and security information and event management systems. Symantec remains the biggest single global supplier in the sector by a considerable margin.

Australia’s national focus on computer security should increase after the appointment of the country’s first cyber security minister. Former diplomat Dan Tehan was announced in mid-July as minister assisting the prime minister for cyber security.

However, keeping an eye on the nation’s cyber security will be just one of Tehan’s roles. He is also minister for veterans affairs, minister assisting the prime minister for the centenary of Anzac, and minister for defence personnel.

Prime minister Malcolm Turnbull unveiled Australia’s $230m, four-year Cyber Security Strategy in April – and trumpeted the national importance of cyber security, prompting some to question why the ministerial role has been shoehorned into Tehan’s already packed portfolio.

Tehan will, however, have the support of Alastair MacGibbon, a special adviser to the prime minister on cyber security, and a yet-to-be-appointed cyber ambassador, who will be involved in international liaison on cyber security issues.


Whatever the government’s cyber security focus, local enterprises are being urged to take a more holistic approach to computer and information security. Bolting on security solutions has been depicted as the equivalent of installing padlocks and closed-circuit cameras on a house – it helps, but offers no guarantees.

Global IT association ISACA and the International Society of Automation recently issued a white paper and recommendation that organisations merge their information technology and operational technology for greater protection – something Gartner has been advocating for some time.

According to the organisations and the white paper, the current lack of alignment between operational technology and information technology creates “a climate ripe for attacks on critical infrastructure and Scada [supervisory control and data acquisition] systems that monitor and gather data in real time to remotely control equipment and conditions”.

Australian organisations are also being urged to be more vigilant about information governance – so that even if cyber attackers get past the padlocks and cameras, the information available to them is tightly managed and controlled.

A new organisation, Information Governance ANZ, will be launched formally in August as a forum for Australian and New Zealand governance professionals. Co-founder and director Susan Bennett said Australia is lagging behind the US in information governance, despite there being significant risks for organisations that choose to store every piece of computer-generated data just because it is technically possible.

Bennett said this not only makes a company a greater security target, but also puts it at risk in terms of regulatory examination or litigation.

“With all the money spent on cyber security and ever-increasing cyber attacks, one of the issues is: how much money do you continue to spend?” she said. “How do you allocate your technology spend – security, yes – but also how do you deal with information – what do they get access to once they have been inside?”

Bennett said proper information governance, including de-identifying personal data, particularly for health or financial institutions, could help reduce the impact of cyber breaches.
