As cyber attacks increase and Australian financial institutions find themselves increasingly in the crosshairs, just three simple steps could help companies recover faster.
In recent months, Australia has found itself at the epicentre of a rising wave of cyber attacks. The financial services sector has increasingly been caught in the crosshairs with cyber attacks striking some of the country’s most trusted financial institutions, including AustralianSuper, Commbank, and NAB.
AustralianSuper was hit with 600 attempted cyber attacks over a one-month period, with four members losing half a million dollars combined. Shortly after, thousands of Australian banking passwords were leaked on the dark web, raising concerns about credential harvesting and the broader risks to digital identity security.
These are not isolated incidents; they are part of a broader, escalating trend. The Australian Signals Directorate’s Annual Cyber Threat Report highlights a 23 per cent year-on-year increase in cyber crime reports, with a cyber attack occurring approximately every six minutes.
Recent research commissioned by Cohesity underlines this: 72 per cent of Australian respondents said their company had been the “victim of a ransomware attack”, a majority had also paid a ransom in the last two years, and the vast majority expect the threat of cyber attacks to increase significantly in 2025 compared to 2024.
Financial services institutions continue to represent the highest-value targets, and hence are one of the most targeted sectors. They manage trillions in assets and hold extensive troves of sensitive personal information, which provides the greatest incentive for malicious actors looking to maximise their chances of a ransomware payment. These institutions have the most to lose, not only in terms of financial loss but also in the critical damage to public trust and credibility that the inevitable media visibility of a successful attack will bring.
With the speed of evolution of artificial intelligence (AI) further enabling cyber attackers, these attacks are only going to become more prevalent and more sophisticated.
A 3-step mitigation method
It is very important to recognise that recovery from a cyber attack requires much more than recovering data following a disruption such as a power outage. That’s because cyber criminals explicitly plan to stop that from happening – by proactively planning to reinfect victims’ systems and extend their control of stolen data – in response to the known best practices for ransomware attack reactions.
Although the risk will differ across industries, preventing the initial data loss is the crucial factor, and doing so effectively hinges on being proactive. That is hard work, reflected by the fact that over eight in 10 organisations told Cohesity they paid a ransom despite more than two-thirds of them having do-not-pay policies.
Minimising this initial data theft opportunity requires several key steps to be taken:
Creating a “digital jump bag” to enable rapid, secure recovery of clean data and systems following a cyber attack. At its core, the jump bag usually contains a laptop that’s preloaded with essential security tools, along with internet access solutions like portable Wi-Fi hotspots and external storage for backups. It may also include mobile phones, in case employees suspect their primary devices have been compromised.
Beyond these basics, the jump bag incorporates a range of tools such as antivirus software, forensic utilities, log analysis programs, network scanners, and backup or recovery solutions. Just as critical, but often overlooked, are practical resources like up-to-date contact lists, system architecture diagrams, and quick-reference guides to streamline decision making during a crisis. Credentials for critical systems, copies of key assets like Active Directory, and secure access options like VPNs should also be included. Real-time monitoring tools round out the kit, helping teams stay aware and responsive throughout the incident.
Having a set of product capabilities and workflows that save significant time. The design should be segmented into three stages: preparation for the scope of a cyber attack, detection and containment, and recovery of clean data into production. This then provides a trusted foundation for incident recovery, while augmenting investigations and reducing the potential of secondary attacks.
Removing all assumptions from incident response, such as assuming backups are clean, systems are fully patched, or attackers haven’t accessed sensitive data. Building a plan on assumed conditions or outcomes can create blind spots, which may result in a failure to meet specific organisational needs. Assuming nothing and verifying everything ensures the organisation is prepared and precise when faced with an attack, and this should be supplemented with comprehensive employee training.
Australia’s escalating cyber threat landscape calls for a decisive, united effort across all sectors. The cost of inaction is too great, not just in financial terms, but in the erosion of trust, continuity, and resilience. Organisations must adopt a mindset of constant readiness, invest in modern data security strategies, and embed resilience into every layer of their operations. The message is clear: preparedness is power. Those who act now will be the ones best positioned to protect their people, data, and future.