10 April 2023

Survey echoes Home Affairs Minister’s warnings of cyber vulnerabilities

| Andrew McLaughlin
Start the conversation
Clare O'Neil

Home Affairs and Cyber Security Minister Clare O’Neil says Australian are starting to sit up and take notice of cyber threats. Photo: Facebook.

A survey of Australian public sector employees has highlighted a growing awareness of critical cyber security vulnerabilities.

The global survey, which included 1000 Australian cyber professionals, was conducted by research firm Trellix. It found that 41 per cent of respondents thought their employers had vulnerable ‘blind spots’ in their cyber defences.

The survey results were released just a day before Home Affairs and Cyber Security Minister Clare O’Neil announced the Commonwealth would host large-scale cyber exercises as it seeks to build up Australia’s defences against major cyberattacks.

Addressing the Sydney Dialogue forum on Tuesday (4 April), Ms O’Neil said recent attacks on major Australian institutions were causing Australians to sit up and take notice of cyber threats.

“As you know, last year Australia experienced the Optus and Medibank attacks – the two biggest attacks in Australian history – within three weeks of each other,” she said.

“For a lot of you in this room, the big challenge before this was getting cyber security to be taken seriously. But now, it’s at the top of the agenda, at the boardroom table and at the kitchen table.

“Optus and Medibank are the tip of the iceberg,” she said. Financially motivated cyber actors and extortionists are public enemy number one.

“These groups subvert legitimate business models for financial gain, creating online portals for ‘hacking as a service’ where anyone can purchase the tools and support necessary to conduct a cyber incident or data, especially in the form of a ransomware attack.”

READ ALSO New cyber security office and laws headed our way

The Trellix survey echoed Ms O’Neil’s claims that it had been difficult for cyber security to be taken seriously, saying just 18 per cent of respondents felt they could successfully anticipate new threats with the threat intelligence they currently receive, and that 59 per cent feel they are losing the battle against cybercriminals.

“The public sector holds some of the most critical data to Australian citizens and, as a high target for cybercriminals, the readiness to deal with malicious activity must be improved to protect everyday Australians from the fallout,” Luke Power, managing director ANZ at Trellix said in a 3 April release.

“It’s clear from our research that cyber security professionals feel their current security tools and models are failing to provide adequate protection against cyber threats,” he added. “With cybercriminals becoming more sophisticated and the threat landscape constantly evolving, further advancing cyber security technologies is imperative for the public sector to stay one step ahead.”

The Trellix survey sought responses from 9000 cyber security decision-makers from organisations with 500 or more employees across 15 markets, including Australia, Brazil, Canada, Chile, Colombia, France, Germany, India, Indonesia, Mexico, Singapore, South Africa, the UAE, the UK and the US.

Numbers and letters on a screen.

Australia’s cyber threat policies are getting a rework. Image: File.

In her address, Ms O’Neil said she didn’t want to sound alarmist, but that it was vital that the threat be taken seriously.

“I can’t emphasise how important having a standalone Cabinet Minister with responsibility for Cyber Security is,” she said. You see it in your own organisations – when cyber is competing with other risks and priorities it can be the ninth or tenth thing on the to-do list.

“For me, this is top of mind every single day. And that’s allowed us to move really quickly.”

Part of the government’s strategy involves what Ms O’Neil described as a strategy of “punching back”.

“We’re doing that through our Hack the Hackers Taskforce,” she said. “A 100-strong force of ASD [Australian Signals Directorate] and AFP officers who are hacking back at criminals who would seek to do Australia harm.

“Australia is also working closely with our international partners under the Counter Ransomware Initiative, with Australia leading that initiative to get global cooperation in how we tackle ransomware.”

READ ALSO The clock is ticking for TikTok as government moves to ban it

She also re-committed the government to a longer-term strategy of booting Australia’s cyber resilience.

“In August 2022, I announced that Australia would develop a new cyber security strategy, with the aspiration to make us the most cyber secure nation in the world by 2030.

“We will ensure we are working to protect our people and economy, leading by example with our government’s cyber security, supporting our region and building our cyber security ecosystem.”

“Despite the threats we face, I am convinced that as a nation we are up to the challenge,” she added. “You only have to talk to brilliant, passionate Australians at the Australian Signals Directorate or in the security operations centres of corporate Australia to feel confident in this.”

Start the conversation

Daily Digest

Want the best Canberra news delivered daily? Every day we package the most popular Riotact stories and send them straight to your inbox. Sign-up now for trusted local news that will never be behind a paywall.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.