Australia revamps cybersecurity plans following succession of breaches

“Cyber health checks” will be offered to small- and medium-sized enterprises (SMEs) along with an awareness campaign to boost citizens’ cyber literacy under a wide-reaching cybersecurity plan released by the Australian government.

The country’s new cybersecurity strategy follows a succession of high-profile attacks, and aims to position Australia as a world leader in cybersecurity by 2030.

Highly skilled migrant workers will be sought to help bolster the country’s cyber workforce under the new plans. And steps will be taken to better protect critical infrastructure, including tightening requirements for telecommunications companies to bring them in line with other critical infrastructure entities.

The new strategy follows publication of the Annual Cyber Threat Report from the Australian Signals Directorate (ASD) – the body responsible for cyber intelligence – which highlights that critical infrastructure in the country is persistently being targeted.

Within the past year, Australia has seen a spate of large-scale attacks, including against financial services firm Latitude in March 2023, which affected 14 million people, as well as telecommunications company Optus and health insurer Medibank, with both events impacting around 10 million people. Several ports had to be closed in November 2023 following an attack on the country’s biggest operator DP World Australia, and surgeries have been postponed after attacks on hospitals.

The Australian Government’s cybersecurity vision is built around six key areas, or “cyber shields”. These are strong businesses and citizens; safe technology; world-class threat sharing and blocking; protected critical infrastructure; sovereign capabilities; and resilient region and global leadership.

The aim is to shift the focus and sentiment around cybersecurity from something technical and out of most peoples’ hands to something we all have a role in. This comes with stronger support for SMEs and an expanded focus on stronger public-private partnerships.

The cost of cybercrime rose 14% in 2022-23 from 2021-22 – hitting SMEs particularly hard – averaging at AUS$71,600 for large businesses, AUS$97,200 for mid-sized businesses and AUS$46,000 for small businesses, according to the ASD threat report.

Alongside this, calls to the Australian Cyber Security Hotline have risen by a third.

Against a backdrop of growing cyber threats, the World Economic Forum’s Global Cybersecurity Outlook 2023 examines the impact on societies and economies, and the steps that can be taken to boost security and resilience.

And time is of the essence, the report’s authors warn: “As the cyber landscape promises to become more complex in the coming years, it is critical that organizations work to resolve this now if they are to build systemic cyber resilience for the long term.”