And our leadership is vital: cybercrime costs Asia Pacific one third more in business revenue than other regions around the world, costing more than AU$100 billion last year.
Speaking at the first Australia-US Cyber Security Dialogue in Washington, Turnbull said the internet powered the modern world.
“It is the most important piece of infrastructure ever created by mankind and yet it has not been created, as most infrastructure is, by governments,” he said.
But the exciting digital age came with responsibilities to solve mounting security challenges, he said, which was why Australia and the US needed to work together to secure the cyber world.
Here are 10 key ideas raised by Turnbull at the Washington summit:
- Australian expertise can help solve global problems
Turnbull, who established Australia’s Cyber Security Strategy this year, believes locally-developed technology can help solve global cyber challenges. He says the cybersecurity sector could grow by more than 10 per cent each year for at least the next five years.
“My objective is for Australia to become even better placed to use home-grown cyber security expertise to solve challenges and develop new business opportunities of global significance,” he said.
- The economic cost of cyber attacks is too big to ignore
The huge economic benefits of online trade are at risk if cyber attacks undermine consumer confidence.
“Denial of service, hacking, phishing and malware, are disruptive to our economies, our social interactions, and — through their unwavering persistence — our sense of security,” Turnbull said.
“This undermining of our online confidence means we are not fully leveraging the digital economy.
“The cost impact of cyber attacks on companies is complex, and not limited to just a loss of shareholder value although this can be, as we’ve seen, significant.”
- Australia-Pacific pays the heaviest toll
“The Asia-Pacific region is … the most heavily affected by cybercrime — losing one third more business revenue to cybercrime than either the EU or North America,” Turnbull says, referencing a Grant Thornton study which estimates cyber attacks cost businesses in Asia Pacific US$81.3 billion in revenue last year.
“Australia has an economic imperative to build regional capacity and to smooth the way for private sector involvement in self-sustaining economies. It’s also in our best interests to be a good global citizen and to promote an open and secure internet.”
According to the Australian Government, 33% of businesses have experienced a cybercrime, at an average cost of $276,323.
- Cybersecurity requires an all-in effort
Turnbull says a secure internet requires the joint efforts of government, academia and industry. He says while governments take the lead on counter-terrorism, progressive nations know cybersecurity needs wider co-operation.
“That’s why we must work together — private sector and nation states — to secure the internet. The challenges the internet faces are greater than can be solved by any of us alone.”
- Do you know who holds the keys to the vault?
Who has access to your business network? Do you know the name of your systems administrator? The Prime Minister says it is now a necessity.
“How aware are chief executives and directors of who have access, for example administrative privileges, over the network of their own business?,” he says,
“Do you know your systems administrator? Good question. Many people do not and we should.”
- Cyber deserves a seat on the board
Cybersecurity is a leadership issue, rather than an IT issue, and deserves representation at the highest level.
“We must convince leaders, at board level and corporate sector and government levels, that cyber is one of their essential functions. That means people must be cyber ambassadors and carry that message,” Turnbull says.
“Many companies have Chief Technology Officers and Chief Information Security Officers. Both have technical knowledge and business acumen.
“The most obvious reason to value the role of a Chief Information Security Officer in board-level decision-making is the risk of cyber threat to your budget bottom line. As we are all acutely aware, a cyber- attack or data leak from even a mundane business system — like email — can have a dramatic impact on an enterprise.”
- Leaders need to examine and improve cyber-threat communication
Turnbull says one study showed 80 per cent of organisations don't frequently communicate with executive management about potential cyber-attacks against their organisations.
“Increasing the capacity for security staff to engage in conversations with senior decision-makers is absolutely critical when it comes to responding to a cyber incident.
“CEOs and boards want succinct information, which is not always easy when presented with IT security data.
“How can consistent messaging travel from IT security to customers and the public when the IT professionals speak a different language and when the next spokespeople in the chain — the CEO, the board and the reporting media for that matter — can’t necessarily speak the same language?”
- What’s in a name? The problem with cyber lexicon
Cyber language is confusing and little-understood, demonstrated by the confusion surrounding a ‘denial of service’ attack on Census night, the PM said.
“We need to know collectively that a denial of service is equivalent to having a bus parked in your driveway so you can’t get your car out, that hacked data means someone broke into the garage and took the car, and that the solutions to these two things are very different.”
He appealed to academics to turn their attention to creating a clearer cyber lexicon.
“Those outside the cyber security world don’t readily understand the relative impact of different incidents, typical investigation timeframes, or likely response options — such as shutting down a site while investigating unusual traffic patterns. We need to be able to communicate an accurate level of significance.”
- Experts have a responsibility to educate
Big business has a responsibility to help educate small business, Turnbull says.
“For each large enterprise, there are many small businesses putting a toe in the water of the online world. They are connected to you as suppliers, distributors and contractors.
“Many are far less secure, far less savvy, far less resourced than governments and big business.
“You would help secure the veracity of the Internet, the integrity of the internet of each of the organisations here with an established Information Security Officer were to seek out a small or not-for-profit enterprise with which to share your knowledge.”
As well as protecting organisations around the world from cyber attacks, MailGuard takes a key role in cybersecurity education, including notifying the industry about new outbreaks and teaching the public how to spot an email scam.
- What’s next?
The digital century is a time of remarkable opportunity, Turnbull told the forum.
“Our response to those opportunities, and to the threat of people using it criminally and maliciously, will come to define the future course of our societies.”
He posed three questions to attendees.
“I ask three things of government, industry and academia between this Dialogue and the next.
“First, and most immediate - what early achievements are possible between now and the next time the Dialogue is held?
“Second, in the short- to medium-term - what barriers can government continue to remove, either through deregulation or positive action?
“And third: articulate robust, long-term and innovative goals in cybersecurity that we can agree at the next Dialogue and then pursue with tenacity.”
See a transcript of Prime Minister Malcolm Turnbull’s keynote address at the Australia-US Cyber Security Dialogue at the Center for Strategic and International Studies.
Find more tips on identifying email scams by subscribing to MailGuard’s blog.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.