Craig Bates, vice president for Australia and New Zealand (ANZ) at software firm Splunk, has emphasised the need for New Zealand to develop consistent cybersecurity standards and centralised investment.
In an exclusive interview with TechDay, Bates highlighted the critical role of government regulations and proactive strategies to combat emerging cyber threats.
“We believe that security and resilience are fundamentally data problems,” he told TechDay, as reported by Security Brief New Zealand. “You can’t protect what you can’t see. Our job is to help our customers adopt our tools, enabling them to achieve comprehensive visibility across their technology operations and identify threats or vulnerabilities in their networks.”
Bates discussed the dual impact of artificial intelligence (AI) on cybersecurity.
“While AI can significantly reduce the cybersecurity skills gap by automating administrative tasks, it also lowers the barrier to entry for cybercriminals,” he said. “AI represents an opportunity to solve the biggest challenge, which is the skills shortage, but it also lowers the barrier for cybercriminals, requiring organisations to be constantly on the front foot to defend themselves.”
Bates also pointed to the increasing complexity of cybersecurity, compounded by a rapidly evolving regulatory environment.
He noted that governments worldwide are striving to establish standards that keep up with technological advancements.
“Effective cybersecurity requires a holistic approach. Prescriptive guidance around what’s required for government agencies and organisations is essential,” he said. “We’re seeing good steps towards this in Australia with the Security of Critical Infrastructure Act and related measures.”
In discussing the cybersecurity landscape in ANZ, Bates identified the skills gap as a major shared challenge.
“It’s the top challenge I hear from customers in Australia and New Zealand. AI can help move the needle, but we also need ongoing education and grassroots efforts with universities to build the necessary skill set,” he said.
Despite existing efforts, Bates believes New Zealand needs to do more. He urged the government to implement consistent standards and centralised investment to proactively address cyber threats.
“Traditional ways of procuring technology systems are too slow for how quickly the space is moving. We need standards around security information and events that enable consistent decision-making across a broader surface area,” he said. “This approach reduces the effort required across multiple agencies and enhances overall security more quickly.”
He advised the New Zealand government to foster private-public partnerships to guide effective security postures. He also stressed the importance of standardisation in reducing the skills gap and ensuring consistent cybersecurity practices.
“Without clear direction, it becomes difficult to fund and understand what needs to be done. Standardisation allows for better decision-making and leverages the benefits of scale,” he said.
Reflecting on recent significant data breaches, Bates underscored the importance of fundamental cybersecurity practices.
“The core capabilities of organisations to have the greatest possible understanding and visibility of their environment are critical. These breaches highlight the importance of staying ahead in terms of security posture,” he said.
Bates stressed the need for New Zealand to adopt consistent standards and centralised investment in cybersecurity. He believes these steps will help the government and organisations proactively tackle cyber threats in an increasingly digital world.
A recent study revealed major gaps in cyber recovery efforts among ANZ organisations, with 50% of organisations found to be at a “very immature” level regarding cyber resilience.