This morning’s address by the Prime Minister and the Defence Minister is a timely reminder that cyber-security is a serious issue and affects every aspect of Australian life. Everybody has a role to play in keeping us safe from cyber-security threats.
Sophisticated threat actors, state-based threat actors, have significant capabilities, and do not rest in their efforts to gain footholds into our systems, applications and data. It is important that governments, businesses and individuals remain vigilant and continue to improve their cyber-security practices.
We have entered a new era of business and government, where cyber-attacks pose an existential threat to business and can cripple the machinery of government.
This morning’s address acts also a signal to the threat actors responsible that the government and some in the private sector are aware of the attacks. Interestingly, two specific controls, patching internet facing systems (protecting the edge of networks), enforcing multifactor authentication for users (protecting the users), were specifically called out by the Defence Minister. The ACSC advisory details the level of sophistication of attacks, focussing on lightly used, test and development unpatched systems and well crafted spearphishing to steal credentials or trick users in granting them access to their cloud applications. Notably the attackers used sophisticated means to cover the command and control traffic, that speaks to their capabilities.
While Australia across has significant capabilities in cyber-security and an active cyber-security community, unfortunately not all organisations are at the same level, with many organisations simply not having right capabilities.
We are also struggling with a skills shortage, with unfilled cyber-security roles in every sector, that means many of the skills end up in the top end of town and large departments, leaving small and medium business and government agencies exposed.
News From
WhaTech Staff Writers