Prime Minister Scott Morrison delivered an unprecedented press conference last Friday, warning the government, businesses and services are being attacked by a “sophisticated state-based cyber actor”. According to the PM, the activity is “targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure”.
While Morrison didn’t go into detail on the subjects of the attacks or whether said attacks were successful, and refused to attribute the attacks, what was clear was cyber-attacks are escalating—in scale and frequency.
It’s been clear to those in the cybersecurity industry for a while now that the frequency, sophistication and scale of cyber-attacks have been increasing, rapidly. For us, Morrison’s comments were nothing new.
However, it’s important to recognise the positives of the press conference. Most notably, the Prime Minister put cybersecurity on the national agenda and highlighted the importance and imperativeness of the issue to the everyday Australian. Hopefully, Australians will take note.
Unfortunately, despite all the warnings from the government and experts on cybersecurity it remains an endemic problem. Australians—in their personal and professional lives—continue to stick their heads in the sand on this issue with an attitude that “it won’t happen to me”. In fact, earlier this year Sophos conducted a study of 5,000 IT managers across 26 countries, including 200 from Australia. Australian respondents were the most confident in the world that they wouldn’t be hit by ransomware. News like we saw on Friday must change this attitude. It can’t not.
But there’s still a long way to go. Alongside the Prime Minister, we saw the Defence Minister Linda Reynolds speak about the importance of patching and using multi-factor authentication to improve defences. That’s all important, but more than this, there needs to be a cultural shift. Australians need to start with the assumption that they will be hit, and education and awareness must be prioritised.
How does this happen? The Prime Minister’s update will of course help with awareness and I look forward to the next cybersecurity strategy, which Morrison alluded is due in the coming months. The government needs to show leadership on this issue.
The cybersecurity industry also has a vital role to play. It’s no secret that when news like this hits the headlines, interest escalates. Over the last few days, we have seen an acceleration in the level of conversations within the security community about the breadth and depth of these sorts of attacks, and a consequential lifting of the level of urgency around implementation of best practices. The adage “it couldn’t happen to me”, suddenly dissipates as people realise this is a very real threat, and non-discriminatory. Our role as an advisor to our customers and to the wider community becomes more critical—a role we take seriously.
For a while, industry has pushed the importance of cyber being a board-level issue—and there’s certainly progress being made. Saying this, last year, we conducted a study of 200 Australian cyber and information security decision makers, who revealed their biggest frustrations are businesses assuming cybersecurity is easy, cybersecurity frequently being relegated in priority and budgets being low. These findings indicate there is a wider corporate culture issue impacting cybersecurity. Business leaders must find a way to address these frustrations. They must shift their attitudes toward the value of cybersecurity—understanding that it’s not just an IT issue solved with tools, but rather a business imperative that requires the diligence and awareness of every employee and manager for the business to develop a strong cybersecurity posture.
And finally, education must be the first line of defence. To a business or government agency, anyone with a computer represents a vulnerability. Human error and tactics like phishing continue to account for an overwhelming number of cyber incidents. Not educating workforces on cyber threats is on par with running a marathon with no training.
While it’s of course not great that attacks have been bubbling to the surface to the point that our Prime Minister needs to address the nation, I’m hopeful that one positive comes out of this: Australians wake up to the enormity of the cyber issue.
Want more? Get the latest coronavirus news and updates straight to your inbox! Follow Kochie’s Business Builders on Facebook, Twitter
Now read this