Corporate Australia labelled an ‘attractive target’ for cyber criminals

Following the release of the Cyber Security Industry Advisory Committee's 2022 report, Andrew Penn, IAC chairman and Telstra CEO noted that the deteriorating geopolitical tensions along with the expansion of hybrid work outside traditional corporate firewalls has contributed to cyber crimes including ransomware, mobile malware and business email compromise (BEC) significantly increase this past year.

"New technologies and the move to more time being spent online as a result of COVID has created greater opportunities for cyber criminals.

"At the same time, geopolitical tensions have grown following Russia’s attack on Ukraine, and the risk of attacks on Australian networks – whether directly or inadvertently – has also increased.

"Cyber criminals do not show bias, with attacks affecting everyone, from your neighbour working from home to multinationals," Penn said.

The Australian government's leadership through the development and implementation of the 2020 Cyber Security Strategy had been critical, Penn further explained, however, he is now calling for a continued focus on improving regulation, collaboration, and evaluation to combat increasingly common and sophisticated cyber attacks.

"It is believed Australian SMEs lost more than $81 million to BEC in the 2020-21 financial year and alarmingly, there was a 15 per cent increase in the number of ransomware cyber crime reports to the ACSC. The threats are real, so we have a lot more to do.

"There has been considerable progress since the Cyber Security Strategy was launched two years ago and there has needed to be, because the environment continues to evolve at pace and malicious actors are becoming ever-more sophisticated, more targeted, more brazen and in that context, we need to keep improving.

"The government’s strong focus on cyber security as a national priority provides an excellent opportunity to enhance coordination across government on cyber policy, strategy and response mechanisms," Penn said.

VIEW ALL

The IAC recommends seven pivotal areas of focus over the next year:

• Threat sharing: Threat sharing and government and industry collaboration are both crucial to improving Australia’s defences. The work of the Joint Cyber Security Centres plays an important role in this regard, and they should be further scaled up.
• Raising awareness: Given the scale of the challenge and the extent to which increasing awareness can make a difference, more investment and resources should be committed to cyber awareness campaigns and initiatives.
• Improved evaluation and measurement: A more universal and integrated fact base of Australia’s cyber maturity should be established to measure the effectiveness of the initiatives being implemented under the strategy, to enhance future policy decisions at all levels of government. This includes a recommendation of the development of a cyber security maturity index.
• Best practice regulation taskforce: The government should prioritise providing industry with feedback on the conclusions, including legal assessments of gaps in current legislation and any proposed initiatives or changes being considered.
• Hardening Australian government IT Systems: The government needs to be a role model in its own operations, while also improving the security of increasingly digital government service delivery.
• Protecting Critical Infrastructure and Systems of National Significance (CI-SONS) industry engagement: Supporting regulations and any future amendments will need to be carefully designed and implemented in partnership with businesses to reflect the specific dynamics, technology and characteristics of each sector, ensuring a baseline uplift across all sectors.
• Cyber skills: We must increase our cyber awareness right the way across the spectrum from deep cyber expertise to basic cyber hygiene practices and this needs to be done through our schools and universities, governments and industry. Cyber needs to be a key topic at the Jobs and Skills Summit next week and the Cyber Security Strategy needs to be expanded to embrace this challenge fully.

The IAC asserts, as Australia continues to navigate an increasingly complex cyber threat landscape, now is the appropriate time to refresh and expand from the 2020 Australian Cyber Security Strategy.

The security of the nation’s digital infrastructure and platforms is critical, Penn added, to ensure Australia was able to benefit from the opportunities provided by the digital economy. While technology innovation offers Australia huge opportunities, adaptive cyber offenders have leveraged the changes to their advantage.

"The promise of the digital economy is not guaranteed – in fact, while the security of our digital infrastructure and platforms has never been more important, it has also never been more fragile.

"Not only are they at risk from cyber attack, but they are also exposed to other risks such as access to critical technologies, protecting interoperability of technology from the threat of the bifurcation of global technology standards, and the risk of the inadequacy of our skills base to meet these risks and capitalise on the opportunities.

"We therefore applaud the minister’s decision to shape a broader national cyber strategy through this lens; a step which will be critical to building and protecting Australia’s sovereign capability."

[Related: Putin losing information war in Ukraine, UK spy chief says]