Sadiq is a cyber security consultant with over 20 years of industry experience. At Check Point, he leads the security pre-sales engineering team and specializes in advising organisations across the enterprise and critical infrastructure space. Sadiq also provides thought leadership across emerging cyber compliance and legislation in Australia; regularly delivering talks, webinars and publications on topics such as zero trust, the CI SOCI bill and the federal government’s cyber strategy.

Australia’s latest cyber security strategy is a comprehensive national initiative. It’s talked about as a ‘whole of nation’ endeavor. The goal is to fully fortify the nation’s government and business resources against cyber threats by 2030. In this interview, we discuss the proposed measures with expert Sadiq Iqbal. Don’t miss this!

How do you perceive and interpret the 2023-2030 Australian cyber security strategy, as it’s currently proposed?

The federal government’s seven-year cyber strategy appears to be carefully crafted and comprehensive. It will go a long way towards addressing the current vulnerability of Australian business and citizens, reducing future risk of cyber attacks.

It includes several reforms, such as tightening government maturity levels by developing a zero-trust culture. All government agencies will need to abide by the reforms, effectively mirroring the approach that the White House has taken in relation to U.S. government agencies. The proposal has also enhanced obligations for critical departments deemed ‘nationally significant’.

Another welcome component is the strengthening of cyber obligations for the 11 sectors newly classed as critical infrastructure. This should address some of the shortcomings with the SOCI Act, as it will pressure-test the preparedness of relevant entities with cyber exercises and vulnerability assessments.

Thoughts about the Australian government’s financial investments in security?

The federal government’s commitment of an extra $600 million to counter cyber crime is instructive and instrumental, given the increasing frequency and severity of cyber attacks.

What is the most important thing for business leaders to take away from these reform proposals?

The government is heading in the right direction – ransomware is one of the most damaging potentialities for Australian businesses and consumers. Businesses need to follow-suit.

While improving visibility around ransomware, there are a variety of measures that enterprises can take in order to mitigate the threat.

We look forward to seeing how the government educates business leaders on these capabilities, especially when it comes to increasing cyber governance in the boardroom, in addition to assisting with attack remediation.

What is the Australian government doing to assist small businesses with their cyber security?

As you know, small businesses are one of the most targeted areas of late, on account of their lack of investment in cyber defenses. Several cost-free initiatives are on the table, such as cyber maturity assessments and incident response hotlines. Provided that the government can deliver on these initiatives, they’re great. There are over two million SMBs in Australia.

How do the proposed reforms align with Check Point’s methodology?

Many of the proposed reforms are in-line with Check Point’s approach and recommendations. The government now has a much stronger focus than previously on threat-intelligence sharing between entities, and also on blocking of threats, both in real-time and at scale, which eliminates the costly recovery exercise that eventuates when taking a cautious detection-only approach.