The Cyber Security Industry Advisory Committee (IAC) is urging the Federal Government and businesses to ramp up their cyber security measures amid increasing threats due to the Russian invasion of Ukraine.
The IAC, which is chaired by former Telstra CEO Andy Penn, said the current geopolitical situation, the expansion of hybrid work outside traditional corporate firewalls and evolving threat actors had led to a spike in attacks against Australian entities.
Penn said that while “considerable progress” had been made on Australia’s 2020 Cyber Security Strategy, more progress was needed.
“New technologies and the move to more time being spent online as a result of COVID-19 has created greater opportunities for cyber criminals,” Penn said.
“At the same time geopolitical tensions have grown following Russia’s attack on Ukraine, and the risk of attacks on Australian networks – whether directly or inadvertently – has also increased.
“Cyber criminals do not show bias, with attacks affecting everyone from your neighbour working from home to multinationals offenders saw cybercrimes including ransomware, mobile malware and business email compromise (BEC) significantly increase this past year.”
“There has been considerable progress since the Cyber Security Strategy was launched two years ago and there has needed to be, because the environment continues to evolve at pace and malicious actors are becoming ever-more sophisticated, more targeted, more brazen and in that context, we need to keep improving,” he said.
According to the Australian Cyber Security Centre’s (ACSC) Annual Cyber Threat Report for 2020 to 2021, Australians lost $81.45 million to business email compromise (BEC) scams.
Meanwhile, according to IAC’s report, which cited research by Cybersecurity Ventures, it is estimated that ransomware will cost more than US$265 billion by 2031 unless more intervention measures are adopted. In Australia, the number of ransomware attacks reported rose by 15 per cent last year.
“The threats are real, so we have a lot more to do,” Penn said.
As a result, the IAC, in its second such report, issued six advisory steps to mitigate further threats. They are as follows: threat-sharing; raising awareness; improved education and measurement; hardening government IT security systems; protecting critical infrastructure; and focusing on cyber skills.
These build on the Federal Government’s 2020 Cyber Security Strategy, in which it outlined how it plans to spend $1.67 billion over the next 10 years.
Almost half of this will be pumped into bolstering the Australian Signals Directorate (ASD) by investing $469.7 million into the recruitment of 500 additional cyber security specialists.
At the end of last year, Australian organisations spent over $4.9 billion on enterprise information security and risk management products and services.
According to analyst firm Gartner, spending in the market this year increased by 8 per cent, year-on-year — higher than 2020’s 6 per cent.