Why Australia Must Shift from Reactive to Resilient Cybersecurity
Recent data highlights that the old playbook of manual threat hunting for organisations is over. Traditional defences are no longer effective and organisations need to expand on the ASD's mandate and adopt a new mindset to build true cyber resilience.
Posted: Tuesday, Nov 11


As we look ahead to 2026, the cyber landscape confronting Australia is more volatile than ever, and the implications for government, critical infrastructure, and enterprise are profound. Every connected device, every credential, every unpatched system is now a potential entry point zero.

Data from the Australian Signals Directorate (ASD)’s Annual Cyber Threat Report for 2024-25 underscores the cybersecurity challenge for Australian enterprises and government agencies.

As the costs of attacks skyrocket and the nature of attacks evolves rapidly, the passive approach of manually hunting for threats is woefully inadequate for 2026.

The Blurring Line: State Actors and “Living off the Land”

Sophisticated, state-sponsored actors are a persistent, active threat to Australia. Armis research revealed that 9 out of 10 (92%) Australian IT leaders are concerned about the impact of cyberwarfare on their organisation. Over half (51%) have experienced more threat activity on their network in the past six months. These actors are relentlessly targeting government, critical infrastructure (CI), and private enterprise to conduct espionage and, more alarmingly, to pre-position for future disruptive attacks.

But here’s the critical challenge: these advanced actors are increasingly “living off the land” (LOTL).

They aren’t just deploying noisy malware. They are compromising networks and then using your own built-in tools, like PowerShell, WMI, and other admin scripts, to blend in with normal network activity. This turns your traditional, signature-based detection systems into passive talkers, unable to spot the malicious “doer” already operating with valid credentials.
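The gap described above, between signature matching and LOTL activity carried out with valid credentials, shown as an added example that is not from the article, Armis or the ASD. The event fields, placeholder hashes, account allow-list and rules are all constructed assumptions.

```python
# Constructed process-creation events. The field layout is an assumption,
# loosely modelled on endpoint process logging; hashes are placeholders.
EVENTS = [
    {"id": 1, "image": "powershell.exe", "sha256": "HASH_OS_POWERSHELL",
     "parent": "svchost.exe", "user": "svc-backup",
     "cmdline": "powershell.exe -File C:\\Ops\\rotate-logs.ps1"},
    {"id": 2, "image": "powershell.exe", "sha256": "HASH_OS_POWERSHELL",
     "parent": "winword.exe", "user": "j.smith",
     "cmdline": "powershell.exe -NoProfile -EncodedCommand <constructed>"},
    {"id": 3, "image": "wmic.exe", "sha256": "HASH_OS_WMIC",
     "parent": "cmd.exe", "user": "j.smith",
     "cmdline": "wmic /node:FILESRV01 process list brief"},
    {"id": 4, "image": "dropper.exe", "sha256": "HASH_KNOWN_BAD",
     "parent": "explorer.exe", "user": "j.smith", "cmdline": "dropper.exe"},
]

KNOWN_BAD_HASHES = {"HASH_KNOWN_BAD"}           # signature feed (constructed)
BUILTIN_TOOLS = {"powershell.exe", "wmic.exe"}  # tools named in the article
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}
ADMIN_ACCOUNTS = {"svc-backup", "it-admin"}     # hypothetical allow-list

def signature_hits(events):
    """Hash matching: only sees binaries already known to be malicious."""
    return [e["id"] for e in events if e["sha256"] in KNOWN_BAD_HASHES]

def behaviour_hits(events):
    """Context rules over logged fields; returns {event id: [reasons]}."""
    hits = {}
    for e in events:
        if e["image"] not in BUILTIN_TOOLS:
            continue
        reasons = []
        cmd = e["cmdline"].lower()
        if e["parent"] in OFFICE_PARENTS:
            reasons.append("admin tool launched by an Office application")
        if " -enc" in cmd:  # matches -EncodedCommand and its -enc... prefixes
            reasons.append("encoded PowerShell command line")
        if "/node:" in cmd:
            reasons.append("WMI command aimed at a remote host")
        if e["user"] not in ADMIN_ACCOUNTS:
            reasons.append("valid account, but not on the admin allow-list")
        if reasons:
            hits[e["id"]] = reasons
    return hits

if __name__ == "__main__":
    print("signature:", signature_hits(EVENTS))
    print("behaviour:", behaviour_hits(EVENTS))
```

The hash check flags only the unknown binary in event 4, while the context rules flag events 2 and 3 and leave the scheduled admin script in event 1 alone. None of that is possible unless the command line, parent process and account are being logged in the first place.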

This sophistication is trickling down. The line between state actors and top-tier cybercriminals is blurring. Criminals are using information-stealer malware to harvest credentials, which are then used to enable devastating ransomware and Business Email Compromise (BEC) attacks.

If LOTL is the “how,” the “where” is just as alarming. Malicious actors are systematically targeting the new, undefended enterprise edge. The ASD report highlights three major weak points in Australia’s cyber defences: edge devices, DDoS attacks, and legacy technology. Routers, firewalls, and VPNs are being exploited with alarming success—96% of observed attacks breached their targets. Meanwhile, DDoS incidents surged by 280%, becoming a primary weapon against critical infrastructure. Legacy IT remains a gaping liability as obsolete systems aren’t just outdated, they’re undefendable.

Start with the ASD’s New Mandate for Resilience

Every organisation needs to observe ASD’s new mandate to operate with a mindset of “assume compromise”.

A good place to start building real resilience would be to consider the “4 big moves”:

  1. Implement Effective Event Logging: “You can’t defend what you can’t see”. This is the baseline. You must have visibility to detect LOTL attacks and respond to incidents. With new devices and entry points targeted, organisations need comprehensive asset visibility and must map every device, no matter how old or obscure.

  2. Replace Legacy IT: The risk of legacy systems now outweighs the cost of replacing them. This is a board-level financial and security decision. A proactive approach to exposure management will enable the organisation to identify vulnerabilities before attackers do.

  3. Manage Third-Party Risk: Choose secure-by-design technologies. Your supply chain is part of your attack surface, and you are responsible for its security.

  4. Prepare for Post-Quantum Cryptography (PQC): This is no longer science fiction. The threat of “store now, decrypt later” is real. The ASD states that planning for this transition “must start now”.

Stop Hunting, Start Responding

The game is changing in 2026 and the “assume compromise” mindset requires Australian organisations to move from passive monitoring to active, automated response. This requires 100% visibility across the entire asset estate—IT, OT, IoT, IoMT, and every edge device.

By illuminating blind spots and uncovering hidden vulnerabilities, organisations can get on the front foot of threats and transform security from a reactive shield into a proactive force for resilience.

Zak Menegazzi
Zak is an accomplished leader with extensive experience in senior sales leadership roles across various cybersecurity and technology firms. In his current role as Cybersecurity Specialist, ANZ at Armis, the cyber exposure management & security company, Zak serves as a trusted advisor to ANZ and APJ enterprises. He focuses on providing guidance to Armis customers in the region to drive greater adoption of cybersecurity best practices. Prior to Armis, Zak held territory, channel sales and management roles.