It’s only a matter of time before malicious actors figure out a way to get around whatever new technology cybersecurity professionals come up with.
According to the Australia Cyber Security Centre, ransomware cybercrime reports increased by 15 per cent in the 2020-2021 financial year, with Australian businesses losing over AU$33 billion to cybercrime during this time.
While Australian businesses are taking steps to combat these activities, ransomware attacks are evolving faster than the security controls required to fight them.
For instance, in a recent statement on the US Department of Justice indictment of cyber actors, Karen Andrews, Minister for Home Affairs, said that the Australian government is concerned about global malicious cyber intrusions, as detailed in the indictments by the United States Department of Justice.
“The Australian Cyber Security Centre is working closely with organisations across Australia to help build their resilience to cyber compromises and is engaging with victims of malicious cyber incidents to offer cyber security advice and assistance,” Minister said.
The government is also attempting to intervene and increase its efforts to address the growing security needs on the internet. For example, in January of this year, a new law was passed requiring platforms such as Twitter, Facebook, and Instagram to remove “cyber abuse material” within 24 hours.
Offenders of cybercrime against Australia’s critical infrastructure could face up to 25 years in prison. Furthermore, the law will allow Australian law enforcement to investigate and prosecute ransomware crimes and offences committed in other countries.
Criminals are increasingly collaborating and borrowing from one another’s playbooks. Attackers are moving beyond basic security and business continuity measures.
“Our cyber resilience as a nation is critical to our way of life, particularly given recent developments. Policies and regulations are only part of the puzzle. Nothing proves to independent observers that something is truly important more than having the right people in place with the appropriate focused set of responsibilities,” said Ian Yip, CEO of Avertro
Ian noted that the government removed the role of a dedicated minister for cybersecurity a few years ago, which he believes was a mistake.
“They subsequently announced the reinstatement of the role, only to not follow through, which was highly disappointing. It is high time we had a government that truly understands how critical cybersecurity is and is willing to take the necessary steps,” he said.
“We need a dedicated cyber ministry”
Meanwhile, Noel Allnutt, Managing Director at Sekuro, stated that while any investment in cyber security is beneficial, it does not address the much larger threat we face today – the vulnerability of our critical infrastructure to foreign adversaries.
“It’s reassuring to see that the government has finally started to acknowledge the need to improve Australia’s cyber security defences. The Department of Home Affairs just launched an AU$89 million centre that will be specifically tasked with preventing cybercriminals from scamming, stealing, and defrauding Australians.
“We need to see stronger leadership in this space, with a dedicated cyber ministry (which Labour has now promised), that will ensure Australia’s infrastructure is built with security in mind. A lack of foresight from the current and even past governments have meant much of our systems have been built with gaping holes that leave us wide open to potentially catastrophic attacks.
The new cyber security is a bit like playing whack-a-mole with cybercriminals. It might help prevent grandma and grandpa from being scammed, which, don’t get me wrong, is a positive outcome, but it’s not addressing the very real threat of cyberwar,” he added.
Consumer Data Right
The Australian government implemented the Consumer Data Right (CDR) in Australia on November 26, 2017. CDR will increase consumers’ access to and control over their data, as well as their ability to compare and switch between products and services.
The current federal government, according to Mark Perry, Chief Customer Officer at Biza.io, has made a clear commitment to investing in open data sharing.
“First off the block to comply with the Consumer Data Right (CDR) were the banks, and unfortunately, the process was far from smooth due to a variety of factors, one of which was that the specifications from the government continued to change throughout the process and were often poorly communicated.
“Considering the incredible importance of the digital economy on the future of Australia as a competitive world leader, we need to see stronger leadership from the government in prioritising the successful implementation of new standards, like the CDR, that are now the backbone of our digital economy.
“And that’s just not possible without rigour and maturity around the communication process. This takes time, expertise and money – all of which are desperately required in order to ensure Australia remains a competitive digital economy.”
Jacqueline Jayne, Security Awareness Advocate APAC at KnowBe4 said that the 2020 Cyber Security Strategy was delivered without the necessary measurable deliverables and outcomes linked to the human element of cybersecurity and the budgets have followed suit. Considering the overwhelming evidence that the majority of successful cyber-attacks/breaches are the result of human error, it stands to reason and logic that education and awareness of humans should be non-negotiable.
“Expectations are low with the upcoming 2022-23 Budget relating to anything remotely actionable and useful when it comes to keeping Australians safe online. The rhetoric has been predictable year after year with ‘lifting up our cyber posture’ and ‘building capability across national priority sectors’ plus ‘improving safety, security and trust’. Please note, there is nothing wrong with those things, it’s what’s missing that is a concern.
“Think about this for a moment. Now, and for many years, anywhere from 8 to 9/10 of successful cyber-attacks/breaches are the result of human error. That’s a lot. If we were to educate humans, increase their awareness, provide them with the tools, skills, and knowledge to make better decisions when it comes to being safe and secure online, would fewer errors be made? I say yes.
“Australia has been great at promoting safety on the roads, in the sun, on the beach and at work. How about a National Cyber Awareness Education Campaign for everyone ‘Think Cyber First’ or ‘Think before you click.
“We have a baseline to work with already and if done correctly, the Australian Government can move the needle. Even a small change could make an incredible difference when you consider the cost of reported cybercrime to Australians was $33 billion from 1 July 2020 to 30 June 2021
“Cybersecurity is everyone’s responsibility, and we are far from being in a position where Australians are making better decisions when it comes to staying safe online.”