Khalil was speaking just before the world was hit with another virulent ransomware virus, known as Petya, which has taken out servers at Russia's Rosneft, global law firm DLA Piper, shipping and oil giant Maersk, the Ukraine's power network, and the Cadbury's Hobart factory, among others.
It is understood cyber attackers were demanding a ransom in the virtual currency Bitcoin, with the promise of unlocking computers that have been blocked by an all-but-unbreakable encryption, until their e-mail accounts were terminated.
Petya may be based on code developed by the US National Security Agency, similar to the recent WannaCry ransomware attack, and has been described as "unsophisticated".
IT experts continie to advise clients not to pay any ransom on infected systems, as there is no guarantee the system can be unlocked, and payments will only embolden future attackers.
The virus appears to be spreading via phishing emails designed to lure employees into opening them.
The attack comes soon after IFS recently released its latest Digital Change Survey, which revealed local organisations face serious skills shortages in key technical areas including cyber security, artificial intelligence, robotics and the Internet of Things.
Speaking to Energy News after the survey, Khalil said many organisations get around the things they have to do - compliance - with a dangerously simplistic "box-ticking approach" saying they've employed certain people or spent money on a particular system.
"It's not about fixing the real problem, it's about throwing money at it to tick off some boxes to show the regulator or whoever is monitoring them," he said.
"These sorts of things are quite common. If they really want to fix the problem, they need to fix their internal culture. It's not going to happen tomorrow, it has to change over time, and you need to push that from the top."
Most of the world's internet traffic touches CISCO systems, and while Energy News understands that the vulnerability of the massive Wannacry cyberattack that occurred during APPEA 2017 was not with CISCO but Microsoft's Windows operating system, the firm is a partner of Woodside Petroleum in defending against it.
While Woodside was on top of the situation and Energy News can confirm that the oiler was not impacted by the cyberattack, Khalil said that "Perth especially seems to be [the attitude] that ‘we're too far away'" to be affected by such risks.
"They're still in that isolation mindset, like at a mine site or an oil rig can have a bowser in the middle of nowhere, and they won't put a fence around it because they don't need to, because it's hundreds of thousands of k's from anywhere, who the hell is going to sabotage a bowser?" he said.
"Even though they say a lot of things [about digital transformation], they're still on this type of thinking that we're miles away from anywhere, it's not going to happen, and until it happens, that's when all of a sudden it's ‘oh my goodness, everything is changing'."
Yet the reality is that robotics and artificial intelligence is a long way away from being productionised, and are therefore not such a concern for small to medium sized companies to worry about.
"I remember when we implemented irock and we wanted to do central control of a lot of things. Everybody thought that means their job is gone, which is natural and fine, but companies aren't doing enough to get the message across that it's not about jobs it's about safety [or whatever their motivation is]," he said.
Besides, Khalil said, those sorts of things can only work if you have cybersecurity in place.
"If you haven't got cyber in your organisation and you put [robotics or AI] in, you've now opened yourself up for a massive issue where people can get straight down to that robot and impact the rest of the organisation," Khalil said.
"These things are about culture, and take a long time to get across people's mindsets."
