Among spiraling cost of living pressures, and the threat of kinetic warfare in our region, millions of us have already been impacted by a silent and insidious form of attack – cyber, according to leading cyber security solutions provider VeroGuard Systems.
"The unwavering onslaught to our personal privacy and information is unprecedented in its ferocity. Attacks on government agencies and businesses that we use every day, those that would do us harm know that data and online access is at the heart of our economic ecosystems, said Nic Nuske, CEO of VeroGuard Systems.
According to the Australian Signals Directorate, on average, one cybercrime is reported every six minutes – with ransomware and breaches causing billions of dollars damage to our economy every year," Mr Nuske said.
"In recent months, we have witnessed severe disruptions to our national economy and significant risk posed to our privacy through cyber-attacks. We've heard of the high-profile attacks like DP World, Optus, Medibank, and Telstra – yet hundreds go unreported.
"Rogue nations, groups and individuals are intent on testing Australia's defence capabilities, to cause widespread disruption, chaos, and economic devastation. Our critical infrastructure is constantly being probed, and so are we… every Australian is in the scope of hackers – both directly and through disruptions to the services we rely on.
"As threats become increasingly sophisticated – it is no longer adequate to just patch software, buy off the shelf detection software and switch on second factor authentication – we're under attack, and an urgent uplift to our security infrastructure and standards are needed.
"A vulnerability to one is often a risk to us all. Government and industry leaders must urgently elevate our organisations cyber security postures to protect every Australian. Our organisations must lead in the requirement to adopt zero trust architecture if we are to become one of the world's leading cyber countries by 2030.
"The consequences if we lag are dire – businesses will stumble and often fold, trust in government institutions will deteriorate, our personal security and wellbeing will be affected, our society will be compromised. The economic impact from cyber-crime is expected to increase almost 300% to US$23.8 trillion by 2027 representing about 28% of global GDP which is a direct loss of wealth, services, and investment for important projects.
"There are significant economic advantages that may stem from our AUKUS agreement with the United Kingdom and United States. As a key enabler for our Defence capabilities, Australia is preparing for an unprecedented sharing of technologies and knowledge between allied nations. For this to be a success, any transfer must be shielded by a high level of trust and confidence that Australians will be good custodians of this sensitive information.
"While we are firming up our standards across critical infrastructure like electricity, water, and telecommunications – we cannot shy away from the need to adopt higher standards across other recognised vulnerabilities, such as Defence's supply chain partners – often made up of small businesses who lack the resources to protect themselves.
"However more broadly, who is looking out for the millions of Australians who are currently exposed?
"Given what is at stake, the actions by government and large industry have been unable to stem the tide. Primarily focusing on detection and remediation initiatives that are designed to react rather than defend are proving to be inadequate.
"Equally changing habits and behaviors through education programs is worthwhile – but governments cannot outsource the problem to those that lack the knowledge and resources to solve the growing issue.
"A belief, that it is ok to compromise security for perceived convenience, is counter intuitive. There are few things more inconvenient than having to rebuild a person's identity or try to run a hospital or airport without the systems on which we now depend. Governments must invest resources to roll out defence grade preventive mechanisms and build the cyber security infrastructures that underpin zero trust networks. Indeed, it is widely accepted that identity centric security is the bedrock to Zero Trust Architecture.
"It is important to acknowledge the release of the Australian Government's Cyber Strategy, efforts to uplift critical infrastructure standards and progress coordinating a Country wide digital identity framework. I also welcome the ambitious target to embed a zero-trust culture across the Australian Public Service to become a global cyber leader by 2030.
"It is also intended to achieve a consistency in cyber security standards across government, industry, and jurisdictions. I commend the Australian Government for taking the initial steps to strengthen legislation and mandate the reporting of incidents. The Strategy provides much needed focus on weaknesses, especially educating businesses on the inherent risks.
"However, to achieve the zero-trust outcome, urgency is required on implementing measures that deliver non-repudiable identity verification online for everyone and greater focus on standards to protect remote access and privileged access management.
"Simple actions now can lead to significant and enduring benefits across Australian communities, such as:
- Setting and policing rigorous cyber security standards across government and the private sector. Make these standards a pre-requisite for doing business with Government.
- Establishing a robust baseline for cyber security infrastructure that the whole country must comply with.
- Re-Focusing government grants and investments to incubation programs within Government agencies that focus on sovereign solutions to provide an overall uplift to Australian capability.
"I applaud the Albanese Government's ambitious plan to boost domestic manufacturing and progress to a 'Future Made in Australia Act.' The immediate priority must be building sovereign capabilities that reinforce our national security including cyber-attack prevention. Preference must be given to innovative solutions made locally through pilot programs and meaningful contracts. This is a model that has worked with tangible results in Countries such as Estonia, France the United Kingdom, and United States.
"It's clear that the government agencies tasked with protecting us are challenged by the increasingly sophisticated threat environment. Adversaries attacks are are buoyed by AI and the development of quantum technologies and an increasing intent to inflict damage on Australia's economy and communities, we're seeing the rate and sophistication of attacks continue to escalate and no sector is safe.
"The economics and current trends are irrefutable, so corporate and political decision makers must carry the responsibility to invest in areas that effectively do a better job of protecting Australians online and our future economic prosperity.
"Adopting Defence certified preventative solutions across the country is achievable and affordable. There are Australian owned and manufactured options – we should use them.
"If Australia is to achieve its ambition to be a cyber security world leader by 2030, it must move now to implement policy and funding changes that enable local capabilities to foster and transition away from legacy systems with improved confidence in the security of using the Cloud and connected networks.
"Until we do, cybercriminals will continue to view Australia as an attractive target, and why wouldn't they when it continues to be a low cost and high pay off activity? Much smaller nations than Australia, have shown us how an efficient and targeted use of resources combined with the political will, can deliver effective uplifts to cyber security capability and solutions.
"Now is the time for our political and industry leaders to step up and use world leading Australian solutions to achieve their and everyone's objective of being more secure online," Mr Nuske said.