SPECIAL REPORT: A startup company backed by Perth dealmakers John Poynton and Harry Karelis illustrates the commercial potential of cyber security.
It is ranked among the top 10 cyber security research groups in the world, putting the institute at the forefront of a global trend.
Interpol has just six academic members on its cyber crime experts group, and two of them work at ECU – Professor Valli and his colleague Andrew Woodward.
While criminal forensics is one area the institute specialises in, it is also working with the business sector.
Professor Valli believes Western Australia is particularly exposed to risk of cyber attack due to the state’s economic dependence on mining and petroleum projects that increasingly are controlled remotely.
Remotely operated technology is also used to control infrastructure such as power supplies and water supplies.
That’s where SC8 (pronounced Skate) comes in.
“Our mission is to find technology with global potential that nobody else has discovered,” Mr Karelis said.
“We formed a company to pull together the people, the project and the capital.”
SC8, which is jointly owned by ECU and Jindalee’s investors, raised $1 million in 2016 to develop a ‘proof of concept’ and a further $3.5 million in September last year.
“We’ve achieved all of the intended goals of production platform one, and we will just continue to grow,” Professor Valli said.
SC8 is now working with ASX100 companies helping to protect their remote operations, and is planning a commercial launch later this year.
“We’ve now got a large industrial company signed on and there are two others racked and ready to go,” Professor Valli said.
SC8’s system is used to analyse network data, to look for anomalies and report back in real time.
Professor Valli described it as a ‘system of systems’.
“There are lots of little pieces in the market that solve little problems; what we’ve done with the SC8 platform is bring together the jigsaw,” he said.
“Through that integration, the sum of the parts is greater than the whole.”
Messrs Poynton and Karelis are not the only dealmakers pursuing opportunities in cyber.
Whitehawk describes itself as the world’s first online security exchange, enabling small and mid-sized companies to identify their cyber risks and connect them with appropriate products.
Professor Valli said there was increasing awareness in the business community of cyber risk, but there was a long way to go.
“We have to be more cautious and more aware of the compounding threats and take appropriate, reasonable countermeasures through good governance and good risk management,” he said.
Professor Valli suggested cyber risk needed the same level of attention as occupational safety and health.
He said many consultants and boards wanted to be able to ‘tick off’ cyber risk by implementing some form of solution.
However, he warned there were a lot of cyber ‘shysters’ touting solutions.
“They have always got a silver bullet, but there is no single solution because the threat is multi-faceted,” Professor Valli said.
He also cautioned there was often a big disconnect between boards of directors, which sought to address the strategic risk, and people who ran the organisation.
“It hasn’t filtered down through the organisation and caused real operational change, to have the impact the board is trying to drive,” Professor Valli said.
He said Australian organisations also needed to be aware of the regulatory focus on cyber risk.
He cited Europe’s general data protection regulation, which comes into effect in May.
It requires organisations holding data belonging to individuals from within the EU to provide a high level of protection and explicitly know where all data is stored.
This regulation applies to any organisation with an establishment in the EU, offering goods and services in the EU, or monitoring the behaviour of individuals in the EU, and imposes fines of up to €20 million.
DXC Technology managing director Australia and New Zealand, Seelan Nayagam, believes there is a high level of awareness of cyber risk at board level.
“I don’t believe any board now believes cyber risk is hype,” Nayagam told Business News.
“There are many businesses around the world that have been brought to their knees.”
Mr Nayagam was in Perth recently for the opening of DXC’s new CBD office, and to announce the acquisition of local firm M-Power Solutions.
Seelan Nayagam says it is impossible to eradicate the risk of cyber attack.
That deal lifted DXC’s staff numbers in WA to 330, making it one of the top four ICT firms in the state, according to data compiled by Business News for the BNiQ Search.
Mr Nayagam said it was impossible to eradicate the risk of cyber attack.
“You need to have cyber security, and that is now clearly a board topic,” he said.
“If you are going to participate in the digital economy, you’ve got to have cyber risk at centre stage.
“You just have to assume you are going to be attacked, the challenge is how do you respond, and how do you contain it?”
DXC’s regional leader WA, Mike Munson, said his firm was aiming to help customers manage this change.
“We are leading customers on their digital transformation journeys, and we’re certainly having very broad business conversations as opposed to five years ago having IT conversations,” he said.
“The digital economy is driving that change, it’s driving customers to look at how they interact with the market, plus demographics and innovation.”
EY’s 20th global information security survey found Australian and New Zealand companies are underprepared for cyber attack, with a lack of investment, strategic awareness and general complacency regarding cybersecurity.
The survey found Australian and NZ corporates rank the risk of careless employees as the highest area of cybersecurity concern.
Almost half of those surveyed indicated data loss or leakage as an area of low concern for them.
EY’s APAC cyber security leader, Richard Watson, said this was the very combination of factors that led to a large number of recent cyber attacks.
The EY survey also found 88 per cent of Australian respondents wouldn’t be able to detect a sophisticated cyber attack.