No room for "set-and-forget" in cybersecurity

People in cybersecurity are required to continuously assess controls rather than leaving it off once started.

The biggest challenge in enhancing the companies’ cybersecurity measures is to make sure to retain the project as ongoing rather than seeing it as a one-off project, says Dan Maslin, chief information security officer at Monash University.

In an exclusive interview, Maslin mentioned that cybersecurity is everybody’s responsibility, and organisations cannot rest on their laurels once they've implemented a particular cybersecurity measure.

“I think probably the biggest challenge that I've seen is making sure it's not set and forget,” he said, “If there's enhancements you've made, or a new control that's been put into place, making sure that the people are reassessing how effective that control is, and whether it's still effective against the threats that they're facing.”

Maslin explained that cybersecurity was ideally a decentralised role where everyone inside the organisation needs to adopt. He underscores that cybersecurity isn't just the domain of specialised teams but requires a more collective approach.

“In Australia, we are very collaborative with other university organisations. If we have a threat in our environment, typically they'll be facing a similar threat in their environment. And I also think it's really important, particularly when you have similar organisations to share findings, share threats, and to share information and collaborate between the sectors,” he cited.

For Monash University, this communal approach means ensuring "students, staff, and partners be really aware of the threats they're facing."

Maslin said that by understanding risks such as phishing and ransomware, individuals can better protect themselves, both professionally and personally.