For The Sake Of Its Cybersecurity, Australia Must Come Together
Posted: Friday, Nov 11

From KBI

The Pandemic Has Exacerbated Existing Security Problems

As the cybersecurity threatscape continues to become more complex and challenging, the media have primarily focused on the struggles faced by businesses. But COVID-19 responses also had the unintended consequence of slowing the rate of incoming professional talent, including security talent, as borders were closed to impede the virus’ spread.

Australia, where I live, is an excellent case in point. Not until late 2021 did Australia’s borders fully reopen, and even now, immigration officials face a tsunami of an estimated million visa applications. This means that, just as Australian organisations have had to confront a broad range of new security difficulties, they’ve also had to cope with a shortfall of security talent with which to respond.

The predictable outcome is that Australia has, in recent months, become a major target for cybercriminals, leading to several high-profile breaches. Examples since only September include:

  • Australian telecommunications giant Optus, the number two player in the country’s telecom space, lost control over the personal data of an estimated 10 million customers (more than a third of the national population) in a ransomware cyber-attack.
  • Australia’s largest health insurance underwriter, Medibank, similarly reported all of its 14 million customer accounts had been accessed (more than half the national population) in a breach.
  • ForceNet, an Australian defence e-communications platform, was hit with yet another ransomware attack, the full consequences of which have yet to be assessed and quantified.

And these instances are far from isolated; Australia’s Cyber Security Centre (ACSC) reports that year-over-year statistics reflect a dramatic increase in both attacks and losses. Specifically, ransomware incidents climbed by a whopping 75% annually, overall breaches by 13%, financial losses from compromised business e-mail to AU $98 million, and other cybercrime losses to 14% overall.

The ACSC characterises the quality of the attacks as advanced: “Evidence suggests that exploitation was conducted by multiple actors, including state-sponsored and criminal entities, much of which was likely automated. Sophisticated actors sought to access user login data, with the likely intent to gain more persistent access once the compromise was remediated.”

To stem the tide of financial and data loss, the Australian government has responded by introducing stricter penalties for compromised companies, up to AU $50 million in some cases. “When Australians are asked to hand over their personal data,” the Australian attorney general’s office said in a statement, “they have a right to expect it will be protected.”

In essence, the federal government has opted to respond with a stick rather than a carrot while organisations are asked to fend for themselves with fewer resources.

Bolstering Security Through a Collective Defence Mindset

This introduces an obvious question: How can nations facing this double challenge of escalating cybercrime and a pandemic-driven security talent shortfall best respond?

Superficially, it might seem that you can’t improve security without hiring new security professionals, and you can’t hire new professionals when it’s challenging to bring talent into the country. Fortunately, there are compelling alternatives to direct security hires for bolstering security on a holistic level. None is a complete substitute, but necessity requires we explore some such strategies.

First, the security community should embrace an ideology of collective defence in Australia and beyond. Today’s enterprises are global, and they should respond to the threat of cybercrime like it. Private businesses and governments are not in competition to be more secure. They both benefit from making it so. As such, they should engage in information sharing, community building, standard development, and any other practice that helps protect citizens and customers from cyber threats.

In addition to a collective defence mindset, companies in a position to fine-tune their operating model to reduce risk should consider targeted strategic sourcing as an option to ensure gaps in security services are managed. Every tool and partner needs to be put under the lens of a strategic partnership, control effectiveness, and a collective mindset.

Consider zero trust architectures (ZTA), for example. Broadly defined, ZTA is a digital architecture in which access privileges are never assumed, but instead actively interrogated at every request for access based on all available context. All entities, whether machines or end users, must prove they are who they say they are before any type of network transaction occurs, such as viewing database records, copying or deleting files, or executing applications.

Properly implemented, ZTA can deliver significant improvements in end-to-end security while reducing complexities introduced by point solutions and inefficient network setups. It has the power to limit the blast radius of any breaches that do occur, shielding organisations from some of the most painful consequences of an attack.

By choosing a security partner already well versed in all the relevant complexities, organisations can achieve a best-in-class ZTA in relatively short order. And they can do that without having to staff up, dramatically increase security training, or worry about how effective the strategy will continue to be in the future.

Australia would benefit from taking both a more collaborative and more modern approach to the twin threats of rising cybercrime and shrinking resources. By fostering cooperation between leading businesses, governmental organisations, and the experts who’ve developed leading security solutions and best practices, society as a whole will make more progress toward its goals than any penalty could prompt.

Cyber is a team sport and, as a nation, we must work together to solve security challenges – efficiently and comprehensively – before cybercriminals can do more significant damage.
