Today, Standards Australia hosted an Innovation in Cyber Security webinar with Edward Farrell, Director, Mercury Information Security Services.
During the webinar, we discussed the pitfalls in Cyber Security in a modern technologically focused economy, how standards come in to play, and how to implement security processes to protect information and organisations.
Mr Farrell is a cybersecurity consultant and lecturer at the Australian Defence Force Academy. His expertise lies in penetration testing, threat emulation, wireless technologies and defensive practices in the face of sophisticated adversaries.
In 2015, Mr Farrell created Mercury Information Security Services. An organisation that seeks to provide a comprehensive range of customised information security services and advice, that enables businesses to secure and protect all aspects of their organisation.
Ahead of the event, we met with Mr Farrell to learn more about his work in Cyber Security.
You started your career as a network engineer, how did this evolve to Cyber Security? And what first drew you to the industry?
You could say I fell into the industry a bit. Growing up, my dad was an early adopter of technology and was hugely into computers and the way they worked in the 70s and 80s. Looking back further, my grandfather was one of the first members of the ACS and his father one of the first mechanics in South Australia. I was always quite technically minded so Cyber Security felt like a natural fit.
What is penetration testing and how does it benefit Australian companies?
A penetration test is an approved, simulated cyberattack on a computer system, performed to evaluate the security of the system.
The test works to identify weaknesses, including the potential for unauthorised parties to gain access to the system's features and data, as well as strengths.
A ‘Pentest’ provides a real service and allows companies to understand their needs. It’s also not always a negative experience: pen testing often provides positive assurance, allows internal teams to rehearse worst case scenarios, as well as being educational and informative. It really works to offer guidance and solutions.
How unprepared is the average Australian company when it comes to Cyber Security?
This is a question I get asked regularly.
It really does depend on the company and varies greatly case-to-case. Some companies are incredibly prepared, others less so.
There’s a very broad spectrum of capability and needs, and different companies need assistance in different areas, it’s rare that two experiences are the same.
What are the pitfalls and recurring errors in Cyber Security?
As mentioned above, every company and situation vary greatly. There’s a uniqueness to Cyber Security – which is what I find so interesting.
However, recurring mistakes often come from simple human error, which can include negligence, tiredness, lack of knowledge about cybersecurity threats, and not understanding the value of the data.
This is why standardisation, knowledge and training are so important in this industry.
What do you think the future of Cyber Security looks like?
I believe every day is a school day In Cyber Security, no two experiences are the same and we are constantly learning and adapting which will continue into the future.
I think this will be the case five years from now, there’s no destination with Cyber Security – it’s a journey that keeps going and evolving.
To find out more, register to attend the Innovation in Cyber Security event - Upcoming Events | Centenary | Standards Australia.
Details on all other upcoming events can be seen on our website.