This year’s Australian Information Security Association (AISA) conference in Melbourne The Australian Cyber Conference, better known as CyberCon, has once again cemented itself as a cornerstone event for cybersecurity professionals across Australia and beyond. The 18th annual CyberCon, themed “Future is Now,” brought together experts, vendors, and decision-makers to address our most pressing cybersecurity challenges.
Reflecting on this year’s event, the keynote sessions I attended, and the conversations at our exhibition booth, I was reminded of just how pivotal the cybersecurity landscape is. Below are key themes from the conference and insights that organisations should consider as they strengthen their cyber resilience.
CyberCon: A Growing Community with a Unified Mission
CyberCon 2024 marked another milestone in the event’s evolution. With over 450 speakers and 350 sessions, the sheer scale of this year’s conference was impressive. The event continues to reflect cybersecurity’s expanding scope and significance in all facets of business and government.
For attendees, the conference was more than just a series of sessions—it was a hub of knowledge-sharing, innovation, and networking. New elements like the AI Village, live podcast booths, and a knowledge-sharing hub provided interactive spaces for exploring ideas and testing new technologies. These additions reinforced CyberCon’s collaborative spirit and its role in fostering a unified vision for cybersecurity.
The Cyber Skills Gap: A Persistent Challenge
The release of the AISA 2024 Cyber Skills Study Report painted a stark picture: one-third of Australian organisations are vulnerable due to a shortage of expertise in critical areas such as AI, data security, and identity management. Joe Sullivan’s keynote addressed the broader implications of this gap, emphasising that building resilient organisations requires not only technology but also skilled people who can navigate crises and evolving threats.
This skills shortage is both a challenge and an opportunity. Addressing this gap will require organisations to invest in education, mentorship, and pathways to attract diverse talent to cybersecurity. Leveraging training programs, certifications, and partnerships with universities and training providers could be crucial.
Transparency and Preparedness: Lessons from the Uber Breach
Joe Sullivan’s keynote candidly reflected on his experience managing the Uber data breach and the subsequent legal and reputational fallout. His message was clear: transparency and communication are essential during any cybersecurity incident. Sullivan also highlighted the importance of having well-defined policies and procedures to guide organisations through crises.
For businesses, the lesson is simple but critical—be prepared. This means conducting regular incident response drills, ensuring your team knows how to handle breaches, and aligning with regulatory expectations. Clear internal and external communication during a crisis can mitigate damage and rebuild trust.
AI: Transformative but Double-Edged
Artificial intelligence was the focus of many discussions at CyberCon 2024. However, unlike the broader market, which focused on generative AI, the conference took a more nuanced view. Discussions centred on AI’s dual role in cybersecurity: as a powerful ally in detecting and mitigating threats and a tool exploited by adversaries to orchestrate more sophisticated attacks.
Sullivan discussed AI’s practical applications in threat detection and response, while Geoffrey Robertson addressed AI development’s ethical and regulatory challenges. His call for international treaties to regulate AI underscores the urgency of responsibly managing this transformative technology.
Organisations should prioritise AI in their cybersecurity strategies, focusing on ethical use, regulatory compliance, and the risks posed by AI-driven threats. Proactive investments in AI defences and ongoing education for teams will be critical.
Critical Infrastructure and Operational Technology: A Rising Priority
As the Australian Government continues to advance policies like the SOCI Act, the importance of securing critical infrastructure and operational technology (OT) systems is growing. While discussions on this topic were prominent at CyberCon, I expect it to dominate the agenda in 2025 as regulations tighten and threat actors increasingly target these environments.
Organisations in energy, transportation, healthcare, and other critical sectors should take stock of their current security postures. Conducting thorough audits, adopting zero-trust principles, and implementing advanced monitoring solutions will be essential to protecting these vital systems.
Supply Chain Security: The Next Frontier
The interconnected nature of today’s businesses makes supply chain security a top priority. CyberCon 2024 illuminated the vulnerabilities inherent in supply chains and the steps organisations must take to address them. From deep fake scams to ransomware attacks, the risks are evolving rapidly.
Robertson’s critique of Australia’s regulatory frameworks, including the lack of significant penalties for cybercriminals, calls for businesses to take proactive action. Implementing stringent supply chain security protocols, vetting third-party vendors, and incorporating cyber risk management into procurement processes will be key to mitigating these risks.
The Future of Cybersecurity Regulation
Geoffrey Robertson’s keynote also delved into the broader regulatory landscape, emphasising the need for international cooperation in combating cybercrime. His discussion of ransomware, deepfakes, and the misuse of AI highlighted gaps in current laws and the need for robust enforcement mechanisms.
Staying ahead of domestic and international regulatory changes will be critical for Australian businesses. Ensuring compliance with frameworks like the SOCI Act and preparing for potential global AI regulations will help organisations avoid penalties and enhance their resilience.
Reflections and Call to Action
CyberCon 2024 was a vibrant showcase of innovation, collaboration, and shared purpose. It highlighted our progress as a cybersecurity community and the challenges that remain. For organisations, the key takeaways are clear:
- Embrace Transparency: Prepare for crises with clear policies and open communication strategies.
- Invest in Skills: Address the cyber skills gap by fostering diverse talent pipelines and offering continuous training opportunities.
- Leverage AI Responsibly: Use AI to strengthen defences while staying vigilant about its misuse.
- Secure Critical Systems: Protect critical infrastructure and OT environments through zero-trust principles and proactive measures.
- Focus on Supply Chains: Adopt robust supply chain security protocols to mitigate interconnected risks.
- Stay Ahead of Regulations: Align with current and emerging cybersecurity laws to remain compliant and resilient.
And if you’d like advice or assistance with any of the above actions, please reach out to us at Orro – we’re here to help.
CyberCon continues to inspire, challenge, and unite us as we face an ever-evolving threat landscape. I thank everyone who visited our booth and contributed to the enriching discussions. We can drive innovation and collaboration to build a safer digital future.
I look forward to seeing you at CyberCon 2025.
