In recent years, cyber attacks have been on the rise around the globe. In 2022, the median initial ransom amount rose to $500,000 as more public sectors fell victim to malicious attacks. In Australia, climbing cyber attacks have damaged the country’s vital infrastructure, with lasting and costly consequences.
Major industries in Australia — including manufacturing, finance, foreign communications, and the healthcare sector — have been targets of cyber attacks. According to the most recent report from the Australian Cyber Security Centre, the 2021 to 2022 period saw 76,000 reports of cybercrime, with an untold number more going unreported.
It’s not just the number of attacks that’s growing, either. It’s the size. In March of 2023, Latitude, a major Australian financial services provider, was the victim of one of the largest cyber attacks the country has ever seen, with a major data breach at the firm affecting nearly 15 million people. The hackers were able to access key information about Latitude’s clients, including names, dates of birth, email addresses, home addresses, and passport numbers.
As it is around the world, there are many cybersecurity vulnerabilities in Australia’s vital infrastructures, and threat actors are working hard to actively exploit them. The damage these attacks could deal to the continent are massive, and organisations in Australia and New Zealand must act now to arm themselves against attack.
Cyber Vulnerabilities in Australia’s Vital Infrastructure
Modern cyber attacks pose a debilitating threat to the vital infrastructure of Australia. This includes the nation’s transportation networks, the energy grid, the telecommunications sector, and the entire healthcare industry. When even one of these infrastructures is compromised it can wreak havoc, causing extensive and lasting damage to civilians and the government alike.
Each of these vital infrastructures is affected by contemporary developing technology trends that provide increased ease of communication, but also expand attack surfaces and create new opportunities for threat actors.
Since the coronavirus pandemic, most businesses across industries have enacted a digital transformation, transferring vital files and processes to remote cloud-based software and digital collaboration platforms. This creates broad opportunities for remote working and collaboration, but also opens new weak points in cybersecurity defenses that threat actors can exploit.
In addition, the large-scale adoption of technology based on the Internet of Things (IoT) is leading to greater convenience and monitoring capabilities. Smart cities, smart transportation networks, and smart energy grids can have revolutionary effects in terms of power consumption and customising control. But enterprising cybercriminals can also breach these digitized utility networks if they are not properly secured.
Australian Government Response to Cyber Vulnerabilities
To respond to the increase in cybersecurity attacks that have plagued Australia over the past year, the Australian government is taking key actions. The government has stated that they have plans to establish a new national cybersecurity office within the Home Affairs Department. The government has already released a 2023 Critical Infrastructure Resilience Strategy, which includes plans for protecting supply chains, IT and communications networks, and other vital infrastructures.
This year, Australia updated the 2018 Security of Critical Infrastructure Act, or SOCI Act, to include new protective measures that require specific entities to comply with more stringent government-mandated cybersecurity regulations. The updated act should also provide more resilience for vital infrastructures, as it contains preventive measures that will help mitigate the damaging effects of successful cyber attacks. Organisations must update their security protocols to comply with the regulations of the act by August of 2023.
Actions Australian Organisations Can Take To Prevent Cyber Attacks
In addition to the changes the Australian government is implementing, there are specific actions that Australian organisations can take to help secure vital organisational infrastructures.
Implement Zero Trust Security Policies
Zero trust security infrastructures require each user to securely validate their right to access the system or files requested. Zero trust security assumes that each login attempt indicates a threat, taking a “guilty until proven innocent” approach to cybersecurity that requires even the most senior officials to prove their legitimacy before they can access secure restricted systems.
Multi-factor authentication is a key component of zero trust security infrastructures. Each user who intends to log in to the restricted access system or network must verify their identity through multiple channels. This way, even if one credential is compromised, MFA still prevents cybercriminals from accessing the system.
Risk-Based Vulnerability Management
Risk-based vulnerability management, or RBVM, utilises machine learning tools to help determine which assets are most critically vulnerable. By using this approach, organisation heads and IT experts can prioritise which areas to secure first based on how much of a risk factor they present to the security of the system overall. RBVM mitigates the potential damage of a successful attack by shoring up cyber defenses around the most critically vulnerable aspects of your environment. This strategy helps focus cybersecurity resources and protect the most significant vulnerability points.
Also known as continuous monitoring, it is essential for providing comprehensive cybersecurity coverage for any organisation. Implementing continuous coverage ensures that every security event that enters the network is witnessed, monitored, and dealt with. Providing comprehensive 24×7 security coverage can improve an organisation’s average time of detection as well as response, creating the opportunity for swift and immediate mitigation of any attempted security breaches.
Boost Cybersecurity Training and Education
Social engineering targets individuals and relies upon their victims being unaware of what a potential security threat can look like. Enacting comprehensive security awareness training will reduce the threat level at the interpersonal level within an organisation. Effective security awareness training programs should educate employees about the potential threats that exist and ensure that threat response protocols are broadly understood, including specific chain-of-command threat mitigation actions.
The Importance of Investing in Your Organisation’s Cybersecurity
Cybersecurity is a real and dangerous threat to Australia and New Zealand organisations today. CEOs are the first line of defense when it comes to protecting the sensitive data of their clientele, employees, and colleagues. It is up to executive leadership to put their commitment to the safety of their organisation’s employees, assets, and clients at the forefront of their decision-making processes and policy enactment.
Investing in your organisation’s cybersecurity means ensuring that the company can continue to grow and thrive in the long run. Cybersecurity boosts not only your safety, but also your company’s resilience and reputation. Providing employees and customers with an efficient and comprehensive cybersecurity plan means prioritising investment funds into shoring up cybersecurity defenses. The trustworthiness of your company depends on it.
As every sector across the globe becomes increasingly reliant on digital infrastructures, cybersecurity will continue to rise in prominence and significance. Build resilience into your company’s growth plan by investing in cybersecurity today, in order to hone an organisational environment in which everyone’s data remains tightly secured.
And learn how to implement the ACSC Essential Eight Mitigation Strategies.