Amid a growing multi-sector cyber-threat landscape, the Australian government aims to make industries more resilient. Recently, the government has announced counteractive drills with large organizations, especially in industries including telecommunications, banking and electricity, to help them better address the increased security threats.
According to research by the security platform Flashpoint, Australia experienced a marked increase in the total number of breaches reported in 2022 compared to the preceding years. Of these, data breaches were most rampant in public administration, telecommunications, information and education, as well as finance and insurance. The research revealed that threat actors focused mainly on obtaining email addresses and account credentials in order to hold them ransom or sell them illegally.
Poor cybersecurity practices are a key contributing factor to these breaches. Notably, a common problem in the public sector was the use of employees’ personal emails on government systems to subscribe to services unrelated to work.
Accounting for 72% of Australia’s 50 million stolen credentials, the media and telecommunications industry was found to be too relaxed with its security practices. This susceptibility is compounded by remote working, which makes shared information even more vulnerable to threat actors.
For the period from July 2021 to June 2022, the Australian Cyber Security Centre (ACSC) reported over 76,000 cybercrimes, representing a 13% increase from the previous financial year. The government agency for cybersecurity noted an “increase in the number and sophistication of cyber threats, making crimes like extortion, espionage and fraud easier to replicate at a greater scale.”
The ACSC reported a total of 95 cyber incidents on critical infrastructure, with multiple attacks on its essential services thwarted, including an attack on government-owned CS Energy, responsible for some of the country’s electricity output. Ransomware and software vulnerabilities have been major contributing factors to these incidents.
Last October, Optus suffered a cyberattack that potentially compromised up to 40% of Australians’ personal information. A threat actor later demanded a $1 million ransom and released about 10,000 records to coerce Optus to comply with its demand. Similarly, about 30,000 current and former employees’ data was breached at Telstra. In December, TPG Telecom similarly fell victim to a cyberattack that compromised up to 15,000 corporate customers’ emails.
In other sectors, the Indonesian unit of the Commonwealth Bank of Australia was also subject to a cyber threat, and health insurer Medibank experienced a breach that compromised 9.7 million current and former customers’ data.
Many industry experts attribute growing cyber breaches to a lack of skilled employees in the cybersecurity industry to effectively safeguard organizations. As a result, cybercrime increased by an average of 14%, with the average cybercrime costing small businesses approximately AUD$39,000 and medium businesses approximately AUD$88,000.
Australia Not Alone in This Plight
As countries embrace a digital-first economic landscape, more are inevitably falling prey to heightened cybercrimes. According to AustCyber, the Australian cyber market accounts for A$2.4 billion of the country’s GDP. The country is also ranked as the fifth-most powerful cybernation in the world. Clearly, Australia is a country that prioritizes cybersecurity. But the threats are real, and Australia is not alone in falling prey to increased cybercrime.
Research group Tenable has noted that out of the 1,335 publicly disclosed data breaches that took place worldwide between November 2021 and October 2022, 68% took place in the Asia Pacific, making the region most exposed to cyber threats compared to regions including North America, the Middle East, Europe and Africa. The latter group collectively accounted for just 31% of all records compromised.
These figures are a wake-up call for greater vigilance as the digital environment becomes more precarious. Australia is proactively strengthening its stance on cybersecurity and cyber investments. Among its many initiatives, the government has legislated cybersecurity obligations for businesses across 11 sectors deemed critical infrastructure: electricity, communications, data storage or processing, financial services and markets, water, healthcare and medical, higher education and research, food and grocery, transport, space technology and the defense industry. These obligations require businesses or entities to develop a comprehensive risk management program that effectively counters cyber threats.
R&D tax incentive programs have also been rolled out, aimed at advancing cyber innovation in the country. Additionally, state-based incentives provide payroll tax relief and subsidies for cybersecurity employees to ensure that organizations place adequate emphasis on cybersecurity.
As the modern digital environment continues to evolve, governments and organizations cannot afford to rest on their laurels and must instead be committed to safeguarding assets, data and infrastructure at all costs.