The federal government recently unveiled an almost $9.9 billion funding package to enhance our cybersecurity preparedness. It is encouraging to see this investment given the ongoing threat of cyber-attacks against Australia’s critical infrastructure. But on its own, it’s not enough, and government cannot do it alone.
Australian businesses must continually reassess their cybersecurity defence amidst an increasingly volatile climate. Strong and effective cyber resilience is quickly becoming an organisation’s greatest asset and the critical cyber metric of interest to company boards.
As we continue to see state-sponsored threat actors and cyber-criminal gangs wreak havoc on governments and private enterprises, the risk to Australia’s critical infrastructure and services remains high. A significant cyber-attack on the healthcare, utilities, education and transport sectors is not a question of if, but when. And the result will be devastating, both in terms of financial impact, and more importantly, lives lost.
The main target for adversaries: people
No organisation is immune to attack. High-profile cyber breaches prove this almost daily. In the hybrid working world especially, organisations must hone their defences and make enhancing their security posture a critical business focus and ongoing priority.
Employees are now more likely to work from anywhere, rather than behind your firewall, and your defences need to adjust. People aren’t just your last line of defence or your “weakest link”—they are the main target for adversaries as your primary attack surface.
Creating a security-conscious culture and adopting best practices in cybersecurity awareness training are essential to maintaining cyber resilience. They are also areas where our research shows Australia is falling behind its global counterparts.
In a recent survey by Proofpoint, more than 90% of Australian respondents said their organisation faced spear phishing, business email compromise (BEC) and email-based ransomware attacks in 2021. And 92% of Australian respondents said their organization experienced at least one successful phishing attack, the highest of any region surveyed globally—and a 53% year-on-year increase.
Greater public-private collaboration is essential
Adopting a defence posture that focuses on people and leverages technology will help organisations of all sizes and across all sectors in Australia to stay alert and protected in the digital future.
Again, the government’s cybersecurity investment in fortifying Australia’s cybersecurity preparedness is welcome. But greater collaboration between the public and private sectors to share threat intelligence, technology and resources is also required. The government’s action should serve as an urgent wake-up call for Australian businesses to get serious about cybersecurity.
We all have an important role to play in keeping Australians safe. And those who have thus far paid only lip service are running out of time to act as the frequency, sophistication and impact of digital attacks continues to escalate.