Australian PM Scott Morrison discusses cybersecurity

Australian Prime Minister Scott Morrison. Source: AFP

Australian businesses are ill prepared for cybersecurity breaches

  • Australian cybersecurity has been found wanting, as the Aussie PM reveals a major cyber attack on the nation’s government, critical infrastructure, and private sector
  • A “state-based cyber actor” is strongly suspected, with China the key suspect
  • Latest incident affirms recent reports that Australian cybersecurity is not prepared enough for today’s cyber threat environment

As last week drew to a close, the Australian prime minister unexpectedly held a media conference to reveal that “a sophisticated state-based cyber actor” was targeting multiple levels of the Australian government, critical infrastructure, and private businesses as well in a coordinated cyberattack.

PM Scott Morrison made the public announcement to reportedly raise public awareness, and confirmed that a state-backed cyber attacker – which many news sources believe to be China – “with significant capabilities” is behind a recent, sizable increase in malicious cyber activity in Australia.

“I’m here today to advise you that, based on advice provided to me by our cyber experts, Australian organizations are currently being targeted by a sophisticated state-based cyber actor,’’ Mr Morrison stated on Friday.

“This activity is targeting Australian organizations across a range of sectors, including all levels of Government, industry, political organizations, education, health, essential service providers, and operators of other critical infrastructure.”

The prime minister would not confirm that the threat actor was indeed China, but Australia’s cyber intelligence agency, the Defense Signals Directorate, does suspect China’s Ministry of State Security for last year’s major attack on the Australian Parliament and political parties leading up to the 2019 elections.

Some cybersecurity experts however, such as the Cyber Security Research Centre’s Rachael Falk, believe that attributing the attack is not as important as securing the vulnerable data itself, labeling the calls to name the cyber attacker as a “distraction” from the more pressing issues of the country’s woefully underprepared cybersecurity measures.

Data from professional IT association ISACA’s State of Cybersecurity 2020 report found that local IT pros were already wary of the condition of Australian cybersecurity in their enterprises before the latest attack took place. The survey found that only 40% of CIOs in Australia were “highly confident” that their cybersecurity teams were prepared to respond to the mounting cybersecurity attacks that were occurring during COVID-19.

And before COVID-19 emerged, 64% of respondents in Australia believed their organization’s cybersecurity teams to be understaffed, while 58% say they have unfilled cybersecurity positions on their team right now.

What’s more, 26% of survey respondents reported an increase in the number of cyberattacks compared to same period a year ago, and 89% believe the rapid transition to remote working has increased data protection and privacy risks.

“In the wake of what is probably Australia’s biggest cyberattack, ISACA’s research has found the risk has never been higher for a cyberattack, given the recent economic crises our country has endured,” said former ISACA Board Director Jo Stewart-Rattray, who is the current Director of Information Security & IT Assurance at BRM Advisory. “As businesses and the Government prepares for the new normal, they must understand the risks and their ‘cyber maturity’ in order to protect their data, assets, and personal information.”

In fact, in a direct contradiction of the Australian government’s assertions, University of New South Wales (UNSW) cybercrime expert Richard Buckland claimed that the cyberattack on Australia was “not very sophisticated” and the fact “that we’ve been caught out so badly speaks to a widespread underinvestment in cybersecurity.”

This “widespread underinvestment” coupled with the increase in cyber threats during COVID-19 and compounded with the additional security vulnerabilities, could well have paved the way for the intrusions on Australia’s government, critical infrastructure and businesses – and why the motivation behind the latest attacks are “difficult to understand” as PM Morrison put it.

“What is of interest to us is that it is occurring and what we are focused on is the practices that they’re employing and we have some of, if not the best agencies in the world, working on this and that means that they are putting all of their efforts in thwarting these attempts,’’ the prime minister asserted.

“I can confirm that they have thwarted many, but this is a very complex area and it requires constant persistence.”